After upgrading to DevTest 10.7.2 and SP3, the Identity Access Manager (IAM) log shows:
ERROR [org.keycloak.services] (executor-thread-9) KC-SERVICES0055: Error when authenticating to LDAP: simple bind failed: <ldap server>:636: javax.naming.CommunicationException: simple bind failed: <ldap server>:636 [Root exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
...
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
...
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
...
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
The same certificates were working in DevTest 10.6.
DevTest 10.7.2 with SP3
The Post-Installation section in the SP3 installation guide (Devtest 10.7.2 Service Pack 3 - Installation Guide.pdf) states:
If SSL Configured LDAP is being used, import the same certificates in JDK 11's cacerts file located at <DevTestHome>/IdentityAccessManager/jdk/lib/security/cacerts.
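One way to carry out that import with keytool, as an added example that is not taken from the DevTest documentation. It backs up the truststore first and skips the import if the alias already exists. The function names, the CACERTS_PASS variable, the alias and the certificate file name are assumptions for illustration; "changeit" is the JDK default truststore password and is assumed to be unchanged.

```shell
#!/bin/sh
# Added example, not from the DevTest documentation.
# Assumptions: the first argument is the DevTest install directory, the
# truststore still uses the JDK default password "changeit", and the CA
# certificate that issued the LDAP server certificate is in a local file.

iam_jdk_dir() { printf '%s/IdentityAccessManager/jdk\n' "${1%/}"; }
iam_cacerts_path() { printf '%s/lib/security/cacerts\n' "$(iam_jdk_dir "$1")"; }

# Prefer a keytool next to the truststore (assumed location); else use PATH.
iam_keytool() {
    kt="$(iam_jdk_dir "$1")/bin/keytool"
    if [ -x "$kt" ]; then printf '%s\n' "$kt"; else printf 'keytool\n'; fi
}

# import_ldap_ca <DevTestHome> <cert file> <alias>
import_ldap_ca() {
    home=$1; cert=$2; ca_alias=$3
    store="$(iam_cacerts_path "$home")"
    pass="${CACERTS_PASS:-changeit}"
    tool="$(iam_keytool "$home")"

    [ -n "$ca_alias" ] || { echo "usage: import_ldap_ca <DevTestHome> <cert> <alias>" >&2; return 2; }
    [ -r "$cert" ] || { echo "certificate file not readable: $cert" >&2; return 3; }
    [ -w "$store" ] || { echo "truststore not writable: $store" >&2; return 4; }

    # Nothing to do if this alias is already trusted.
    if "$tool" -list -keystore "$store" -storepass "$pass" -alias "$ca_alias" >/dev/null 2>&1; then
        echo "alias '$ca_alias' already present in $store" >&2
        return 0
    fi

    # Keep a timestamped copy so the original truststore can be restored.
    cp -p "$store" "$store.bak.$(date +%Y%m%d%H%M%S)" || return 5
    "$tool" -importcert -noprompt -trustcacerts -alias "$ca_alias" -file "$cert" \
        -keystore "$store" -storepass "$pass" || return 6
    # Print the imported entry (fingerprint) for comparison with the CA's own.
    "$tool" -list -keystore "$store" -storepass "$pass" -alias "$ca_alias"
}

# Example call (constructed values): sh import.sh /opt/DevTest ldap-ca.pem ldap-ca
if [ "$#" -eq 3 ]; then import_ldap_ca "$@"; fi
```

Restart the Identity Access Manager service after the import so its JVM loads the updated truststore.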