Let's say something like this is being returned after launching an IBM Application Client.

java.security.cert.CertPathValidatorException: The certificate issued by ACME is not trusted;

This means the Application Client program is attempting to make a security connection over SSL or TLS to some other system, and the connection could not be made because the connection is being made with a certificate that is not trusted. 

The imcl (Installation Manager command line tool) command with the listAvailablePackages option can be used to to list the Application Client packages that can be installed. In this example, the imcl command is located at /opt/IBM/InstallationManager/eclipse/tools/imcl but you may have the imcl command located at some other directory.

~]# /opt/IBM/InstallationManager/eclipse/tools/imcl listInstalledPackages -long
/opt/IBM/ApplicationClient com.ibm.websphere.APPCLIENT.v90_9.0.6.20171205_1311

In this example, since the Application Client package is installed at /opt/IBM/ApplicationClient, the Application Client program should be using the certificates in the /opt/IBM/ApplicationClient/java/lib/security/cacerts file. The Java keytool command can be used to list the certificates in the cacerts file.

keytool -list -keystore /opt/IBM/ApplicationClient/java/lib/security/cacerts

It is most likely the case that the certificate is not in the cacerts file. In this example, the error say the ACME certificate is not trusted, which means the ACME certificate is probably not in the cacerts file. If this is the case, the Java keytool command can be used to import the certificate into the cacerts file.

keytool -import -keystore /opt/IBM/ApplicationClient/java/lib/security/cacerts -file /path/to/ACME.cer -alias ACME

If the error continues, you may want to temporarily add the following to the launchClient.sh (on a Linux system) script to ensure that the JAVA_HOME variable contains /opt/IBM/ApplicationClient/java.

echo "JAVA HOME = $JAVA_HOME"