Login to the chroot and run this command:
# /etc/init.d/idp check
That will dump the environment variables, and you'll see the JRE that is used by the Shib IDP, which is `/opt/jre/bin/java`
So I would start by importing the https certificate for ADFS into `/opt/jre/jre/lib/security/cacerts`
I really like [KeyStore Explorer](https://keystore-explorer.org/) to manage java keystores. But there are also CLI ways to import the cert, which you can find by Googling.