Add note about cert warning (#427)

Co-authored-by: Doug Clayton <[email protected]>

Author: dougclayton

articles/cyclecloud/how-to/ssl-configuration.md

@@ -84,14 +84,23 @@ If you want to import a PFX file, you can do it with the following command in Cy
 ./cycle_server keystore import_pfx server.pfx --pass PASSWORD
 ```
 
-Note the PFX file can only contain one entry.
+Note the PFX file can only contain one entry. Furthermore, the -pass argument is required, even if there is no password (use `--pass ''` in that case).
 
 Finally, if you make changes to the keystore outside of these commands, you can reload the keystore immediately in CycleCloud 7.9.7 or later:
 
 ```bash
 ./cycle_server keystore reconfig
 ```
 
+> [!NOTE]
+> If you get the following error, it indicates that Java does not have any trusted certificates available to it:
+>```
+>   the trustAnchors parameter must be non-empty
+>```
+>
+> Make sure that your OS certificates are installed in the correct place (for example, `/etc/ssl/certs` for Ubuntu-based distributions). In addition, if you have defined a trust store with the `-Djavax.net.ssl.trustStorePassword` setting (not recommended), make sure it contains at least one certificate.
+
+
 ### Keystore Implementation Details
 
 Certificates for CycleCloud are stored in `/opt/cycle_server/config/private/keystore`, in addition to other certificates needed for operation. The following is a non-exhaustive list of the items stored in the keystore: