In order to trust the server certificate, client applications usually compare the signature on certificates with those of the Certificate Authorities (CAs) whose certificates are distributed with the client software. For example, the Java environment is distributed with a key store holding many CA certificates.
$ keytool -list -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit | wc -l
334

The self-signed server certificates that can be configured during OpenDJ setup are not recognized as being signed by any CAs. Your software therefore is configured not to trust the self-signed certificates by default. You must either configure the client applications to accept the self-signed certificates, or else use certificates signed by recognized CAs.
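The following Java program is an added example, not part of the OpenDJ documentation or code. It runs the client-side trust check on an exported server certificate twice: once against the default CA trust store, and once against an in-memory trust store that holds only that certificate. The class name `TrustCheck`, the PEM file passed as argument and the alias `opendj-server` are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Usage: java TrustCheck server-cert.pem (hypothetical file: the exported server certificate)
public class TrustCheck {
    // X509TrustManager backed by the given store; null selects the JVM default (cacerts).
    static X509TrustManager trustManagerFor(KeyStore store) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    // Chain-trust check only; host name verification is a separate step in the client.
    static boolean accepts(X509TrustManager tm, X509Certificate cert) {
        try {
            tm.checkServerTrusted(new X509Certificate[] {cert}, "RSA");
            return true;
        } catch (CertificateException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) throw new IllegalArgumentException("usage: TrustCheck <cert.pem>");
        X509Certificate cert;
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(in);
        }
        // Trust store holding only this certificate: cacerts is untouched, validation stays on.
        KeyStore pinned = KeyStore.getInstance(KeyStore.getDefaultType());
        pinned.load(null, null);
        pinned.setCertificateEntry("opendj-server", cert); // alias is an assumption
        System.out.println("subject:         " + cert.getSubjectX500Principal());
        System.out.println("default cacerts: " + accepts(trustManagerFor(null), cert));
        System.out.println("pinned store:    " + accepts(trustManagerFor(pinned), cert));
    }
}
```

For a self-signed certificate the first check reports `false` and the second `true`, which is the difference between the default behavior and a client configured to accept that one certificate.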
You can further debug the network traffic by collecting debug traces. To see the traffic going over TLS/SSL in debug mode, configure OpenDJ to dump debug traces from javax.net.debug into the logs/server.out file.
OPENDJ_JAVA_ARGS="-Djavax.net.debug=all" start-ds

