Question
Incessant Technologies
IN
Last activity: 8 May 2024 11:04 EDT
SSL Certificate Chain Error
We are facing an SSL certificate issue in Pega 8.8.2, which is hosted on GKE. We have tried installing the certificates in all 3 locations mentioned below, but the issue still exists.
- Installed the certificate in cacerts, which exists in the openjdk folder (/opt/java/openjdk/lib/security)
- Installed the certificate into the platform store by using the Pega OOTB activity “pxAddCertificatesToPlatformTruststore”
- Even installed the certificate into the file “TOMCAT_KEYSTORE_CONTENT”, which is mentioned in the server.xml file
Can someone please help us understand exactly which path Pega considers when looking for the keystore? We have the below snippet, which came by default in the server.xml file.
```
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           scheme="https" secure="true" SSLEnabled="true"
           relaxedQueryChars="[ ]" relaxedPathChars="[ ]"
           maxHttpHeaderSize="16384" maxSavePostSize="65536"
           connectionTimeout="20000" maxHeaderCount="100" >
  <SSLHostConfig certificateVerification="none" sslProtocol="TLS">
    {{ if ( and (exists "/opt/pega/tomcatcertsmount/TOMCAT_KEYSTORE_CONTENT") .Env.TOMCAT_KEYSTORE_PASSWORD ) }}
    <Certificate certificateKeystoreFile="/opt/pega/tomcatcertsmount/TOMCAT_KEYSTORE_CONTENT"
                 certificateKeystorePassword="{{ .Env.TOMCAT_KEYSTORE_PASSWORD }}" />
    {{ else }}
    <Certificate certificateFile="/opt/pega/tomcatcertsmount/TOMCAT_CERTIFICATE_FILE"
                 certificateKeyFile="/opt/pega/tomcatcertsmount/TOMCAT_CERTIFICATE_KEY_FILE"
                 certificateChainFile="/opt/pega/tomcatcertsmount/TOMCAT_CERTIFICATE_CHAIN_FILE" />
    {{ end }}
  </SSLHostConfig>
</Connector>
```
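
Added example (not part of the original post and not Pega's own code): a shell check that mirrors the conditional in the snippet above, to show which `<Certificate>` source the connector on port 8443 is rendered with inside the container. It assumes the template's `exists` is a plain file-existence test and that an unset or empty `TOMCAT_KEYSTORE_PASSWORD` counts as false; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: evaluates the same condition as the server.xml template.
# The default directory is the mount path that appears in the snippet.

# Print which <Certificate> branch the template would render:
#   "keystore" - TOMCAT_KEYSTORE_CONTENT exists AND TOMCAT_KEYSTORE_PASSWORD is non-empty
#   "pem"      - otherwise (certificateFile / KeyFile / ChainFile branch)
connector_cert_source() {
    dir=${1:-/opt/pega/tomcatcertsmount}
    if [ -e "$dir/TOMCAT_KEYSTORE_CONTENT" ] && [ -n "${TOMCAT_KEYSTORE_PASSWORD:-}" ]; then
        echo keystore
    else
        echo pem
    fi
}

# Print the files referenced by the selected branch that are absent from the mount.
# In the keystore branch the file's existence is already part of the condition.
missing_connector_files() {
    dir=${1:-/opt/pega/tomcatcertsmount}
    if [ "$(connector_cert_source "$dir")" = keystore ]; then
        return 0
    fi
    for f in TOMCAT_CERTIFICATE_FILE TOMCAT_CERTIFICATE_KEY_FILE TOMCAT_CERTIFICATE_CHAIN_FILE; do
        [ -e "$dir/$f" ] || echo "$f"
    done
}

# Report for the container this is run in.
echo "connector certificate source: $(connector_cert_source)"
missing_connector_files | sed 's/^/missing: /'
```

A keystore file placed in the mount without the password variable set still yields the `pem` branch, so the keystore is not the file the connector reads in that case.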