Configured SSL on Dev service desk application server . when we are opening URL we are getting below warning :-

"This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store."

Release : 17.1

Component : SDM - Classic UI

This message usually presents when you are using an SSL certificate that has NOT been issued by a known Root CA.  All SSL certificates need to be signed or authorised by a Root CA, or Certificate Authority.  Think of the Root CA certificate as the certificate which will "vouch" for the authenticity of your main SSL certificate.  

Most web browsers have a list of Root CA certificates that it will accept.  Example:  In Chrome, to view its Root CA listing:

1.  Under "Privacy and Security," click "Manage Certificates."
2.  On the popup that was launched, select "Trusted Root Certification Authorities'. The certificate will be displayed there.

What can happen in the scenario you are experiencing is usually caused by one of the following:

1.  Your SSL certificate was signed/authorised by a Root CA that your browser does not recognise

2.  Your SSL certificate is a self-signed certificate, which is mainly used in testing and not recommended in production environments.

You will need to review how your SSL certificate was created, if it was signed by a known Root CA or is self-signed.  You can view the SSL certificate's Root CA by running the following command:

keytool.exe -printcert -v -file test-SSL.cer

In the above, keytool.exe is a binary application that comes with most JRE implementations and test-SSL.cer is your SSL certificate.

The output will contain something like this which will help determine your certificate content:

Owner: CN=GTS CA 1O1, O=Google Trust Services, C=US
Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2

If your certificate is self-signed (does not have a valid Root CA or names its own server as the certificate authority), there is nothing that can be done as most browsers will by default block or warn against self-signed certificates.  You will need to obtain a new SSL certificate that has been signed by a valid Root CA.

If your certificate does name a Root CA, you will need to find out if it is included in the browser's own list of trusted Root CA's, or obtain a new SSL certificate that has been signed by a valid Root CA that the browser recognises. 

The above issue with the SSL certificates is generally a concern that falls outside of Service Desk and should be examined by your network and security teams.  Broadcom Support does not have any control over how SSL certificates are created, nor can we recommend a root CA to which to work with as this is a policy maintained by your organisation.