SSL handshake error with external OIDC provider

I have set up an external OIDC provider as an IDP in Okta.

I validated that the OIDC provider in question works when I integrate applications directly with it.

However, Okta fails to get an access/ID token after successfully redirecting with an authorization code.

Looking at the error log I see this:

Authenticate user with social login

failure : Unable to retrieve an access token for the Identity Provider

More detailed error:

com.sun.jersey.api.client.ClientHandlerException: PKIX path building failed: unable to find valid certification path to requested target

I presume this error is internally from Okta connecting to the OIDC token endpoint.
I’m confused why this is a problem since the domain in question for the token endpoint has a valid cert and doesn’t create problems when used with curl or from my browser.

@wrschneider Hi Bill, since you have opened a support ticket for this issue, we will continue working on the issue in the ticket.
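
The "PKIX path building failed" message quoted in the question is what Java's certificate path builder reports when it cannot link the server's certificate to a CA in the client's trust store. The shell lab below is an added example, not part of the original thread and not Okta's code. It assumes `openssl` is installed, builds a constructed CA hierarchy (all names are made up), and uses `openssl verify` as a stand-in for a strict client to reproduce two usual causes: a server that omits its intermediate certificate, and a client trust store that lacks the issuing root.

```shell
#!/bin/sh
# Added example: constructed lab PKI; every name and file here is made up.
set -eu
LAB=$(mktemp -d) && cd "$LAB"

# Minimal config so the run does not depend on the system openssl.cnf.
cat > lab.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca]
basicConstraints = critical,CA:TRUE
[leaf]
basicConstraints = CA:FALSE
EOF

# issue NAME CN SIGNER EXT: SIGNER "self" produces a self-signed root.
issue() {
    name=$1 cn=$2 signer=$3 ext=$4
    openssl req -new -newkey rsa:2048 -nodes -keyout "$name.key" \
        -out "$name.csr" -subj "/CN=$cn" -config lab.cnf 2>/dev/null
    if [ "$signer" = self ]; then
        set -- -signkey "$name.key"
    else
        set -- -CA "$signer.crt" -CAkey "$signer.key" -CAcreateserial
    fi
    openssl x509 -req -in "$name.csr" -days 2 -out "$name.crt" \
        -extfile lab.cnf -extensions "$ext" "$@" 2>/dev/null
}

# verify ANCHOR [SENT_INTERMEDIATE]: build a path from leaf.crt to ANCHOR
# using only what the "server" sent; nothing is fetched or cached.
verify() {
    if openssl verify -CAfile "$1" ${2:+-untrusted "$2"} leaf.crt >/dev/null 2>&1
    then echo "trusted"; else echo "path building failed"; fi
}

issue root  "Constructed Root CA"         self ca
issue int   "Constructed Intermediate CA" root ca
issue leaf  "idp.example.test"            int  leaf
issue other "Unrelated Root CA"           self ca

echo "server sends leaf only, client trusts root:   $(verify root.crt)"
echo "server sends leaf + intermediate, same store: $(verify root.crt int.crt)"
echo "full chain, client store lacks the root:      $(verify other.crt int.crt)"
```

Against a live endpoint, `openssl s_client -connect host:443 -showcerts` (with `host` replaced by the token endpoint's hostname) lists the certificates the server actually sends, which is the input to the first check.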