Are you using Vault to store password? If yes, please make sure the vault connection is setup correctly and mapped in AD.
--------
You can generate your certificate, or you can use the same certificate which generate by you.
You can manually install the root certificate (the self-signed CA certificate you created) on the machine running Saviynt. This approach requires configuring Saviynt to trust the specific certificate you generated for your AD instance. This will make Saviynt trust the self-signed certificate for the domain.
Instead of self-signing the certificate, you can also obtain an SSL certificate from a trusted third-party certificate authority like DigiCert, GoDaddy, or others. This certificate will automatically be trusted by most third-party clients like Saviynt since it's issued by a recognized and trusted CA.
Note:-
Remember, using self-signed certificates can introduce security risks, as it opens up the possibility of other security vulnerabilities. If possible, it's best to use certificates from a recognized and trusted third-party CA to ensure the highest level of security and compatibility with various applications and services.
--------
You can import the certificate from any file but ensure that the content of the certificate is in the Base64 format.
The Java KeyStore (JKS) is the default keystore used in EIC environments. EIC also supports the Bouncy Castle FIPS Keystore (BCFKS) format for storing certificates. The BCFKS keystore format has been specifically designed to meet the Federal Risk and Authorization Management Program (FedRAMP) compliance standards.
