When checking SSH keys ovirt-vmconsole-proxy-keys is having the following errors

ovirt-vmconsole[1583190]: 2021-11-18 17:21:42,503+0800 ovirt-vmconsole-list: ERROR main:265 Error: HTTP Error 403: Forbidden
ovirt-vmconsole-proxy-keys[1583186]: ERROR Key list execution failed rc=1

My Wildfly/vmconsole keystore may be bogus/expired:

2021-11-18 17:21:42,502+08 ERROR [org.ovirt.engine.core.services.VMConsoleProxyServlet] (default task-269) [] Error validating ticket: : sun.security.provider.ce
rtpath.SunCertPathBuilderException: unable to find valid certification path to requested target

How can I troubleshoot this?

1. What keystore/truststore is Wildfly/ovirt-engine using?

2. Does vmconsole -> Wildfly present a client certificate - mutual TLS? Where does it get this certificate/keypair from?

TIA

Richard Chan