All Supported DevTest Releases.
Whenever Java attempts to connect to another application over SSL, it will be able to connect to that application if it can trust it.
The way trust is handled in the Java is that you have a truststore, typically $JAVA_HOME/lib/security/cacerts, that contains a list of all known Certificate Authority (CA) certificates, and Java will trust certificates that are signed/ issued by one of those CAs that exist within this truststore.
In this case, the client application did not know about the keypair issuer for the keystore being used with the VSM.
Export the certificate for the keypair used in the VSM and import this certificate to the client application truststore.
The client application needs to be restarted after this modification.