OPMS target linux machine accesses Internet (ASM SaaS) via a zscalar.
 
ZScalar replaces broadcom asm saas endpoints' certificate with company's certificate.

How do we install customer CA and certificate into asm-optunnel-client container? 
 
Resulting Error in registry.asm.saas.broadcom.com/debian12/asm-optunnel-client  logs 
 

INFO: Connecting to wss://opp2.asm.saas.broadcom.com:443/<ID>

Jun 25, 2025 9:04:20 PM com.ca.asm.optunnel.client.tyrus.TunnelReconnectHandler onConnectFailure

SEVERE: Reconnecting, attempt 1

jakarta.websocket.DeploymentException: Connection failed.

 at org.glassfish.tyrus.client.exception.Exceptions.deploymentException(Exceptions.java:40)

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Certificate names have to end in crt and be in PEM format.