Hello.
What would be the recommended way to add custom CA certificates? The documentation has
a lot of different ways and so far none of them worked:
- The X509_CA_BUNDLE env variable thing (it's running in a container): I can see the
certificates in the JKS store but it looks like they are completely ignored by the app
server.
- Added a custom SPI to load a custom JKS store: same, no error at server start but they are
completely ignored by the app server.
This is the error I am getting:
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
    at sun.security.validator.Validator.validate(Validator.java:262)
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
    ... 99 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
    ... 105 more
Another option would be to disable certificate verification on LDAPS as it's a trusted
environment (last resort but well so far nothing else worked), would there be a way to do
that?
Connecting over LDAP is not an option as this prevents some features, like password
reset, from working.
Thanks.
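
An offline check for the failure in the trace above, added here as an example and not part of the original post: it loads a JKS file and runs the same `X509TrustManager.checkServerTrusted` validation against a saved copy of the LDAPS server's certificate chain, which separates "the issuing CA is not in the store" from "the store is correct but the server is not using it". The class name `TrustStoreCheck`, the command-line arguments, and the PEM chain file (leaf certificate first) are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical helper. Usage: java TrustStoreCheck <truststore.jks> <password> <chain.pem>
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        KeyStore store = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            store.load(in, args[1].toCharArray());
        }
        // Only trustedCertEntry aliases act as trust anchors; list them for comparison.
        for (String alias : Collections.list(store.aliases())) {
            if (store.isCertificateEntry(alias)
                    && store.getCertificate(alias) instanceof X509Certificate) {
                X509Certificate ca = (X509Certificate) store.getCertificate(alias);
                System.out.println("anchor " + alias + ": " + ca.getSubjectX500Principal());
            }
        }
        // Chain as presented by the LDAPS server, leaf certificate first (PEM).
        X509Certificate[] chain;
        try (InputStream in = new FileInputStream(args[2])) {
            chain = CertificateFactory.getInstance("X.509").generateCertificates(in)
                    .toArray(new X509Certificate[0]);
        }
        if (chain.length == 0) throw new IllegalArgumentException("no certificates in " + args[2]);
        System.out.println("leaf issuer: " + chain[0].getIssuerX500Principal());
        // Same validation path as the trace: X509TrustManager.checkServerTrusted.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            try {
                ((X509TrustManager) tm).checkServerTrusted(chain, "ECDHE_RSA");
                System.out.println("OK: this store validates the chain");
            } catch (CertificateException e) {
                System.out.println("FAIL: " + e.getMessage());
            }
        }
    }
}
```

If this prints OK while the server still fails with the PKIX error, the store contents are fine and the running JVM is validating against a different trust store.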