Using the ADD-ROLE token, driver processes the variable properly and adds it to the string for the role DN, but the driver generates the following error

DirXML Log Event -------------------
     Channel:  Publisher
     Status:   Error
     Message:  Code(-9205) Error in
ent+by+SOURCE+DN#XmlData:48 : Couldn't request assignment of role: 'CN=TESTROLE,CN=Level30,CN=RoleDefs,CN=RoleConfig,CN=AppCon
fig,CN=UserApplication,CN=IDMDriverSetAEHN,O=SERVICES' to identity: 'CN=testuser,OU=USERS,O=VAULT': com.novell.nds.dirxml.soap.UserA
ppClientException: java.lang.RuntimeException: PKIX 
path building failed: unable to find valid certification path to request
ed target
Checked the Vault server and USERAPP server for expired certs in edir, found that the userapp server certs had expired, renewed them, restarted edir and tomcat , still received the above error.

any ideas?

thanks in advance
Dave G.