Cacao is a master piece of Opscenter infrastucture.
Its administrative command line interface cacaoadm communicates with the Cacao agent through a JMX client using TLS.
This used to work for years until this build 4 of JDK 7 introduced in S11U1_17.
Note that the problem doesn't exist with build 3 of JDK7 in S11U1_15, neither on earlier builds of java and S11U1.
This happens at
    *** ServerHello, TLSv1
with
    %% Invalidated: [Session-1, TLS_DHE_RSA_WITH_AES_128_CBC_SHA]
    main, SEND TLSv1 ALERT: fatal, description = certificate_unknown
    main, WRITE: TLSv1 Alert, length = 2
    [Raw write]: length = 7
    0000: 15 03 01 00 02 02 2E .......
    main, called closeSocket()
    main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed:java.security.cert.CertPathValidatorException: signature check failed
    main, called close()
Attached the full trace.
Please tell me how can I help providing more information.
I can also give you access to the platform where Cacao is running with a simple JMX client for reproducing the problem.
Thx
fred