The HTTP job may fail if the remote (server) SSL certificate is not added to agent's keystore.  

java.security.cert.CertificateException: signature verification failed - Certificate issuer: CN=Some Root CA s not in the client keystore.

Users may see this error as well:

11/01/20XX 00:00:12.345-0100 1 AppServicesPlugin.HTTP-V2_JOB/MYTEST.8/MAIN[HTTP(S)].CybHTTPAbstractProcessor.a[:926] - java.net.SocketException: Socket is closed
at sun.security.ssl.SSLSocketImpl.getOutputStream(SSLSocketImpl.java:1123)
at org.apache.hc.core5.http.impl.io.SocketHolder.getOutputStream(SocketHolder.java:77)
at org.apache.hc.client5.http.impl.io.LoggingSocketHolder.getOutputStream(LoggingSocketHolder.java:55)
at org.apache.hc.core5.http.impl.io.SocketHolder.getOutputStream(SocketHolder.java:85)
at org.apache.hc.core5.http.impl.io.DefaultBHttpClientConnection.sendRequestHeader(DefaultBHttpClientConnection.java:184)
at org.apache.hc.core5.http.impl.io.HttpRequestExecutor.execute(HttpRequestExecutor.java:131)

Release : 11.5, 11.5, R12

Component : CA Workload Automation System Agent

The certificate has to be added to the keystore.

The WA Agent can automatically add any new certificate to the default keystore cacerts in the agent install directory.  Add the following parameter to the agentparm.txt and restart the agent. 

https.client.ssl.accept_new_ca=true

Agent by default uses cacerts as client keystore, located inside agent install directory.  Users may use their own keystore, but will have to define path and password for it in the agentparm.txt.

For more information on parameter and to add the certificate manually, refer to this link.