If you have custom certificates for Identity Applications and Identity Reporting components, import those certificates into cacerts in the Identity Vault (C:\NetIQ\eDirectory\jre\lib\security\cacerts).
For example, you can use the following keytool command to import certificates into the Identity Vault:
keytool -import -trustcacerts -alias <User Application certificate alias name> -keystore <cacerts file> -file <User Application certificate file>
If you install SSPR on a different server than the User Application server, import the SSPR application certificate into idm.jks in the User Application (C:\NetIQ\idm\apps\tomcat\conf\idm.jks).
For example, you can use the following keytool command to import certificates into User Application:
keytool -import -trustcacerts -alias <SSPR certificate alias name> -keystore <idm.jks> -file <SSPR certificate file>