Actually I mixed things a bit:
- there is a Java part as discussed
- there is a .Net consideration to all this, but ultimately it’s possible that Windows has trust there given the domain/environment to which your machines all belong
- some tasks follow Microsoft good practices and leverage Node.js, in which case it’s important to have that stack accept your custom certificates too. See this thread: