Instead of (or in addition to) SSO_DISABLE_SSL_CERTIFICATE_VALIDATION, the curl should be setup to use the provided SSO truststore (using --cacert option )

Note that multiple certificates may be needed (full certification path)