Need help to resolve application not able to read config data from Spring Cloud Config Server deployed in IST environment over HTTPS

Question

I configured the application to read the config information from spring cloud config server (spring boot application) which is deployed in IST environment (on PCF), I'm able to fetch the config data from URLs in postman and browser, but application is not able to read the config information and throwing following error.

Note : It's perfectly working and read the config data from the locally run cloud config server application with the following uri http://localhost:8888/

{"ts":"2023-03-29T06:19:32.205Z","uuid":"c5b3a331-49f9-4278-b3a3-3149f9a27809","type":"ERROR","msg":"\r\n\r\n***************************\r\nAPPLICATION FAILED TO START\r\n***************************\r\n\r\nDescription:\r\n\r\nConfig data location 'https://federatedconfigserver-ist.apps.stg.azr-cc-pcf.cloud.bns/' does not exist\r\n\r\nAction:\r\n\r\nCheck that the value 'https://federatedconfigserver-ist.apps.stg.azr-cc-pcf.cloud.bns/' at class path resource [application.yml] - 3:13 is correct, or prefix it with 'optional:'\r\n","class":"org.springframework.boot.diagnostics.LoggingFailureAnalysisReporter","pii":false,"thread":"restartedMain","mdc":{},"data":{},"tags":[],"trace":null,"span":null}

my Application.yml

spring:
  config:
    import: https://federatedconfigserver-ist.apps.stg.azr-cc-pcf.cloud.bns/

#    import: http://localhost:8888/

I tried with prefix import URI with configserver, now it's throwing a different error unable to find valid certification path to requested target, even though I already added my certificates to trust store with the following command

keytool -trustcacerts -keystore "C:\dev\federated-search-api\src\main\resources\trust\fsaapi.jks" -storepass password -importcert -alias fsaconfigcert -file "C:\Users\gopiraju.sontineni\Downloads\stg.azr-cc-pcf.cloud.bns.crt"

and added the following lines of code in application.yml

spring:
  config:
    import: configserver:https://federatedconfigserver-ist.apps.stg.azr-cc-pcf.cloud.bns/
  security:
    ssl:
      enabled: true
      trust:
        store: classpath:trust/fsaapi.jks
        password: password
        algorithm: JKS

Error:

{"ts":"2023-03-29T06:27:30.547Z","uuid":"9598c3f8-c019-4f23-98c3-f8c0195f23ba","type":"ERROR","msg":"Application run failed","class":"org.springframework.boot.SpringApplication","pii":false,"thread":"restartedMain","mdc":{},"data":{},"tags":[],"exception":{"message":"Could not locate PropertySource and the resource is not optional, failing","class":"org.springframework.cloud.config.client.ConfigClientFailFastException","hash":"13f3fe7b","cause":"SunCertPathBuilderException: unable to find valid certification path to requested target","stack":"org.springframework.cloud.config.client.ConfigClientFailFastException: Could not locate PropertySource and the resource is not optional, failing\r\n\tat org.springframework.cloud.config.client.ConfigServerConfigDataLoader.doLoad(ConfigServerConfigDataLoader.java:196)\r\n\tat org.springframework.cloud.config.client.ConfigServerConfigDataLoader.load(ConfigServerConfigDataLoader.java:101)\r\n\tat org.springframework.cloud.config.client.ConfigServerConfigDataLoader.load(ConfigServerConfigDataLoader.java:60)\r\n\tat org.springframework.boot.context.config.ConfigDataLoaders.load(ConfigDataLoaders.java:107)\r\n\tat org.springframework.boot.context.config.ConfigDataImporter.load(ConfigDataImporter.java:128)\r\n\tat org.springframework.boot.context.config.ConfigDataImporter.resolveAndLoad(ConfigDataImporter.java:86)\r\n\tat org.springframework.boot.context.config.ConfigDataEnvironmentContributors.withProcessedImports(ConfigDataEnvironmentContributors.java:116)\r\n\tat org.springframework.boot.context.config.ConfigDataEnvironment.processWithProfiles(ConfigDataEnvironment.java:311)\r\n\tat org.springframework.boot.context.config.ConfigDataEnvironment.processAndApply(ConfigDataEnvironment.java:232)\r\n\tat org.springframework.boot.context.config.ConfigDataEnvironmentPostProcessor.postProcessEnvironment(ConfigDataEnvironmentPostProcessor.java:102)\r\n\tat org.springframework.boot.context.config.ConfigDataEnvironmentPostProcessor.postProcessEnvironment(ConfigDataEnvironmentPostProcessor.java:94)\r\n\tat org.springframework.boot.env.EnvironmentPostProcessorApplicationListener.onApplicationEnvironmentPreparedEvent(EnvironmentPostProcessorApplicationListener.java:102)\r\n\tat org.springframework.boot.env.EnvironmentPostProcessorApplicationListener.onApplicationEvent(EnvironmentPostProcessorApplicationListener.java:87)\r\n\tat org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:176)\r\n\tat org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:169)\r\n\tat org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:143)\r\n\tat org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:131)\r\n\tat org.springframework.boot.context.event.EventPublishingRunListener.environmentPrepared(EventPublishingRunListener.java:85)\r\n\tat org.springframework.boot.SpringApplicationRunListeners.lambda$environmentPrepared$2(SpringApplicationRunListeners.java:66)\r\n\tat java.base/java.util.ArrayList.forEach(ArrayList.java:1540)\r\n\tat org.springframework.boot.SpringApplicationRunListeners.doWithListeners(SpringApplicationRunListeners.java:120)\r\n\tat org.springframework.boot.SpringApplicationRunListeners.doWithListeners(SpringApplicationRunListeners.java:114)\r\n\tat org.springframework.boot.SpringApplicationRunListeners.environmentPrepared(SpringApplicationRunListeners.java:65)\r\n\tat org.springframework.boot.SpringApplication.prepareEnvironment(SpringApplication.java:344)\r\n\tat org.springframework.boot.SpringApplication.run(SpringApplication.java:302)\r\n\tat org.springframework.boot.SpringApplication.run(SpringApplication.java:1306)\r\n\tat org.springframework.boot.SpringApplication.run(SpringApplication.java:1295)\r\n\tat com.bns.fsaapi.Application.main(Application.java:12)\r\n\tat java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\r\n\tat java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\r\n\tat java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\r\n\tat java.base/java.lang.reflect.Method.invoke(Method.java:566)\r\n\tat org.springframework.boot.devtools.restart.RestartLauncher.run(RestartLauncher.java:49)\r\nCaused by: org.springframework.web.client.ResourceAccessException: I/O error on GET request for \"https://federatedconfigserver-ist.apps.stg.azr-cc-pcf.cloud.bns/application/default\": PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target\r\n\tat org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:785)\r\n\tat org.springframework.web.client.RestTemplate.execute(RestTemplate.java:711)\r\n\tat org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:602)\r\n\tat org.springframework.cloud.config.client.ConfigServerConfigDataLoader.getRemoteEnvironment(ConfigServerConfigDataLoader.java:302)\r\n\tat org.springframework.cloud.config.client.ConfigServerConfigDataLoader.doLoad(ConfigServerConfigDataLoader.java:117)\r\n\t... 32 common frames omitted\r\nCaused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target\r\n\tat java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)\r\n\tat java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)\r\n\tat java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264)\r\n\tat java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:259)\r\n\tat java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:642)\r\n\tat java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:461)\r\n\tat java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:361)\r\n\tat java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)\r\n\tat java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)\r\n\tat java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)\r\n\tat java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:178)\r\n\tat java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)\r\n\tat java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1152)\r\n\tat java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1063)\r\n\tat java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)\r\n\tat java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:567)\r\n\tat java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)\r\n\tat java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:163)\r\n\tat org.springframework.http.client.SimpleBufferingClientHttpRequest.executeInternal(SimpleBufferingClientHttpRequest.java:76)\r\n\tat org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)\r\n\tat org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:66)\r\n\tat org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:776)\r\n\t... 36 common frames omitted\r\nCaused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target\r\n\tat java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)\r\n\tat java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:290)\r\n\tat java.base/sun.security.validator.Validator.validate(Validator.java:264)\r\n\tat java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:321)\r\n\tat java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:221)\r\n\tat java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)\r\n\tat java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:626)\r\n\t... 53 common frames omitted\r\nCaused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target\r\n\tat java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)\r\n\tat java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)\r\n\tat java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)\r\n\tat java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)\r\n\t... 59 common frames omitted\r\n"},"trace":null,"span":null}

how to tackle the above error?

I'm trying to read application configuration from external source through cloud config server application