Thanks, Ved.
When I create a TR with your metadata using the "File" supply method, it passes validation in my 3.0.1 instance. That's strange, taking into account your error in the 1st post and the fact that name resolution seems to work fine in the container and you seem to be able to access that remote web server with wget as well. Just to be sure, could you also try to run this inside the container? `# wget http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd`; then check the file, make sure it's indeed an XML document and not some kind of HTML error page.
Are you sure you are not limiting access to the internet from inside your network? I guess this could also be some intermittent connectivity issue. Could you try to delete the TR, recreate it, delete, recreate etc., several times in a row, just to see whether it's reproducible? Also, please re-run this wget command before starting this test, to be sure connectivity is OK at this very moment.
>Also, as both of you pointed out, I updated the Sp Metadata URL to https. The Sp Metadata URL* is https://imchippo.com:9000/saml/metadata
>Now when I'm trying to Activate the Trust Relationship, I don't see the metadata validation error, but still the status is InActive.
>Maybe the status is InActive because of SSL handshake error.
Yes, I also suspect this is the cause. This time it most likely wasn't able to even establish a connection and get the metadata, so the validation phase didn't even start. In that case some Java exception should appear in `/opt/gluu/jetty/identity/logs/oxtrust.log`, so you could delete the TR, create it again while running `tail -F` on this log file, watching for any clues.
>Where & how should I add the certificate to the truststore of Gluu server?
You need to fetch the SSL certificate in question and put it into, say, `~/imchippo-sll.crt` inside the container. Then run this command: `# keytool -import -alias imchippo_sll -trustcacerts -file ~/imchippo-sll.crt -v -keystore /opt/jdk1.8.0_112/jre/lib/security/cacerts -storepass changeit`
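
Added example, not part of the original reply: one way to carry out the fetch, inspect and import steps from inside the container, showing the certificate's subject, validity dates and SHA-256 fingerprint before it is trusted. The host, port, alias, file name and keystore path are the ones quoted in the thread; the function names, the `--import` switch and the use of `openssl` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original reply). Function names and the --import
# switch are hypothetical; paths, alias and host come from the thread.
SP_HOST="imchippo.com"
SP_PORT="9000"
CERT_FILE="$HOME/imchippo-sll.crt"
KEYSTORE="/opt/jdk1.8.0_112/jre/lib/security/cacerts"
ALIAS="imchippo_sll"

# Keep only the first PEM block on stdin: the certificate the server itself presented.
first_pem_cert() {
  awk '/-----BEGIN CERTIFICATE-----/ { p = 1 }
       p { print }
       /-----END CERTIFICATE-----/ { if (p) exit }'
}

# Print the certificate offered by host $1 on port $2 (SNI set to the host name).
fetch_cert() {
  openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null | first_pem_cert
}

# Run the whole procedure only when asked to, so sourcing this file changes nothing.
if [ "${1:-}" = "--import" ]; then
  fetch_cert "$SP_HOST" "$SP_PORT" > "$CERT_FILE"
  [ -s "$CERT_FILE" ] || { echo "no certificate received from $SP_HOST:$SP_PORT" >&2; exit 1; }

  # Show what is about to be trusted; compare the fingerprint with the SP's
  # administrator over a separate channel before answering.
  openssl x509 -in "$CERT_FILE" -noout -subject -issuer -dates -fingerprint -sha256 || exit 1
  printf 'Import this certificate into %s? [y/N] ' "$KEYSTORE"
  read -r answer
  [ "$answer" = "y" ] || exit 1

  keytool -import -alias "$ALIAS" -trustcacerts -file "$CERT_FILE" -v \
    -keystore "$KEYSTORE" -storepass changeit -noprompt || exit 1
  # Confirm the entry is present under the expected alias.
  keytool -list -alias "$ALIAS" -keystore "$KEYSTORE" -storepass changeit
fi
```

The Java process that uses this truststore reads it at startup, so the identity service has to be restarted before the new entry is used.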