If you are implementing your own BBNA signed certificates, you need to ensure you add the Root CA and the new signed certificate to CLM’s Platform Manager keystore. To do this, simply download the Root CA and Signed certs as DER format (certificate.cer), and execute the following command against the Platform Manager’s keystore.
If you don’t know which JRE Platform Manager is using, check the wrapper.conf configuration file.
.\keytool –import –v –alias <alias_name> -file <path_to_cert_file>\<certfile>.cer –keystore <path_to_jre>\lib\security\cacerts
If you are prompted for password, the default is “changeit”