Trust XL CLI with XLR and XLD

Unfortunately, XL CLI has some limitations with non-trusted cert/self-signed and is not configurable at the application/JVM level.
You are on the right track.

For XL CLI, you would need to add the XL Deploy’s CA certificate to your XL CLI host.

On RHEL/CentOS 7, you place the certificate to be trusted (in PEM format) in /etc/pki/ca-trust/source/anchors/ and run sudo update-ca-trust . If the certificate is in OpenSSL’s extended BEGIN TRUSTED CERTIFICATE format, place it in /etc/pki/ca-trust/source .

On RHEL 6, you have to activate the system with update-ca-trust enable after installing the update.