Correct Steven, I did not notice that Tomcat had to be running.
I launched configupdate and saw a "new" keystore/truststore "/opt/netiq/idm/apps/apache-tomcat-9.0.12/conf/apps-truststore.pkcs12" in my case.
I added the issuing ca to it and tried again. Due running this in a sandbox, I could not get in touch with the issuing CA (OCSP/CRL checking) - to help others, this can be disabeed by editing catalina.sh and add:
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.net.ssl.checkRevocation=false"

Now I authenticated and next problem has shown. But that is a new issue, so the "The global configuration for your server was not found" is now resolved by fixing the ca chain in the proper keystore/truststores.

Thanks.