Error: Failed to make identity provider oauth callback

Hi to all, I’ve a strange problem using an identity provider inside my test keycloak instance.
I try to explain:
I create two realm (serviceprovider and identityprovider) inside keycloak, both on the same https port 9443.
In the service provider i create an identity provider (pointing the identityprovider realm) and I can correctly login using the identity provider.

I add another realm, and in wildfly I create another https port 5443. I manage the new realm using the 5443 port instead of 9443. I create in service provider realm another identity provider pointing the new realm and using 5443 port.
the problem is that now using the new identity provider, after inserting credential (simple form), i receive this error from keycloak:

11:17:10,594 ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (default task-3) Failed to make identity provider oauth callback: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I can’t understand which certificate I’ve to insert in which truststore. https side I’m using the self signed https created from keycloak, so the https certificate is the same for 5443 and 9443 port.

any suggest?

sorry, i little clarification. I’ve the issue if my identity provider is on https. if the identity provider is not in https but in http it works fine.
So I’ve to understand which certificate are involved and in which truststore I’ve to insert them.

any idea?

Hi to all, just to inform that I’ve solved.
I need to create a truststore spi for the truststore containing the certificates of identity provider.