Unable to Authenticate OIDC: unable to find valid certification path to requested target

When attempting to authenticate via OIDC, the ES backend throws a javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target error. Not sure where the disconnect is, since the same CA chain is used without issue in Kibana. I’ve attached the relevant section from my config.yml file below.

openid_auth_domain:
  http_enabled: true
  transport_enabled: true
  order: 1
  http_authenticator:
    type: openid
    challenge: false
    config:
      openid_connect_url: https://<idp server>/auth/realms/master/.well-known/openid-configuration
      subject_key: preferred_username
      roles_key: roles
      verify_hostnames: false
      enable_ssl: true
      pemtrustedcas_filepath: "/usr/share/elasticsearch/config/ca/certs-all.pem"
  authentication_backend:
    type: noop

I hope you have already found a solution to your problem.
I found this post while also searching for a solution.
I was able to use our own root CA with the following config:

          config:
            subject_key: unique_name
            roles_key: group
            openid_connect_url: "https://<domain to adfs>/.well-known/openid-configuration"
            openid_connect_idp.enable_ssl: true
            openid_connect_idp.verify_hostnames: true
            openid_connect_idp.pemtrustedcas_filepath: "/usr/share/elasticsearch/config/ca.crt"
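
The difference between the two configs in this thread, as an added example that is not code from either poster or from the plugin: a small lint that flags IdP TLS settings written without the `openid_connect_idp.` prefix used in the working reply. It assumes, based on that reply, that the TLS settings are read only under that prefix; the host names in the samples are constructed placeholders, and the parser handles flat `key: value` lines only.

```python
import re

# Prefix and setting names as they appear in the reply's working config.
IDP_PREFIX = "openid_connect_idp."
TLS_KEYS = {"enable_ssl", "verify_hostnames", "pemtrustedcas_filepath"}

# Constructed sample modelled on the question's config block (host is a placeholder).
QUESTION_CONFIG = """\
openid_connect_url: https://idp.example.test/auth/realms/master/.well-known/openid-configuration
verify_hostnames: false
enable_ssl: true
pemtrustedcas_filepath: "/usr/share/elasticsearch/config/ca/certs-all.pem"
"""

# Constructed sample modelled on the reply's config block (host is a placeholder).
REPLY_CONFIG = """\
openid_connect_url: "https://adfs.example.test/.well-known/openid-configuration"
openid_connect_idp.enable_ssl: true
openid_connect_idp.verify_hostnames: true
openid_connect_idp.pemtrustedcas_filepath: "/usr/share/elasticsearch/config/ca.crt"
"""

def parse_flat_keys(text):
    """Return {key: value} for simple 'key: value' lines (no nested YAML)."""
    pairs = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z0-9_.]+):\s*(.+?)\s*$", line)
        if m:
            pairs[m.group(1)] = m.group(2).strip('"')
    return pairs

def lint_oidc_tls(text):
    """Return (finding, setting) tuples for the IdP TLS settings in a config block."""
    keys = parse_flat_keys(text)
    findings = []
    for name in sorted(TLS_KEYS):
        # Setting present only in its bare form, unlike the working config.
        if name in keys and IDP_PREFIX + name not in keys:
            findings.append(("unprefixed", name))
    hostcheck = keys.get(IDP_PREFIX + "verify_hostnames", keys.get("verify_hostnames"))
    if hostcheck == "false":
        # Hostname verification switched off weakens the TLS check of the IdP.
        findings.append(("hostname-check-off", "verify_hostnames"))
    return findings

if __name__ == "__main__":
    for label, cfg in (("question", QUESTION_CONFIG), ("reply", REPLY_CONFIG)):
        print(label, lint_oidc_tls(cfg))
```
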