OpenId authentication failing with Certificate issue

Hi,

I am using elasticsearch-oss 7.0.1 rpm and installed opendistro_security(1.0.0.2) standalone plugin.
I am trying to authenticate access to elasticsearch via keycloak by enabling openid authentication.
Authentication is failing with the error: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

The keycloak server is configured with a self signed certificate and I have added this certificate to JAVA truststore where elasticsearch is running. I have also configured this certificate in pemtrustedcas_filepath parameter as shown below.

Attaching the relevant section of the config file.

basic_internal_auth_domain:
    description: "Authenticate via HTTP Basic against internal users database"
    http_enabled: true
    transport_enabled: true
    order: 0
    http_authenticator:
      type: basic
      challenge: false
    authentication_backend:
      type: intern
  openid_auth_domain:
    http_enabled: true
    order: 1
    http_authenticator:
      type: openid
      challenge: false
      config:
        subject_key: preferred_username
        roles_key: roles
        openid_connect_url: https://<keycloak-server>/auth/realms/elk/.well-known/openid-configuration
        pemtrustedcas_filepath: /home/tls.pem
    authentication_backend:
      type: noop

Can you please look into this and help me resolve this error?

Thanks,
Shivani