...
Navigate to an URL on your identity provider. This could be for example the well-known address for your IdP. In our example this is: https://keycloak.example.com/auth/realms/master/.well-known/openid-configuration
Click the lock symbol by the URL and then the right arrow on the right side. This example is for Firefox on OS X. It may look a little different in different browsers:
Click More information
Click View Certificate
Click the PEM (cert) download link
Save PEM file
Run command in terminal window on your Atlasssian server (*).
keytool -import -alias example_ca -cacerts -file example-com.pem
On Linux you may need to add sudo in front of command.
(*) If you need to find where Java runtime is located for your Atlassian product is running please open the path:https://<your-atlassian-server.example.comcom>//plugins/servlet/no.kantega.kerberosauth.kerberosauth-plugin/debuginfo
and you find the Java home folder used under environment .Then section:
When the certificate is successfully installed in Java’s cacerts file then restart your Atlassian product to have the necessary trust estabilshed.