Unable to Authenticate OIDC: unable to find valid certification path to requested target

#1

When attempting to authenticate via OIDC, the ES backend throws a javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target error. Not sure where the disconnect is, since the same CA chain is used without issue in Kibana. I’ve attached the relevant section from my config.yml file below.

openid_auth_domain:
  http_enabled: true
  transport_enabled: true
  order: 1
  http_authenticator:
    type: openid
    challenge: false
    config:
      openid_connect_url: https://<idp server>/auth/realms/master/.well-known/openid-configuration
      subject_key: preferred_username
      roles_key: roles
      verify_hostnames: false
      enable_ssl: true
      pemtrustedcas_filepath: "/usr/share/elasticsearch/config/ca/certs-all.pem"
  authentication_backend:
    type: noop