This isn’t a BigFix issue, you need an understanding of how PKI works.
You can generate your own certificates for the root server using the instructions Aram posted earlier.
If you pay for a certificate signed by VeriSign, Digicert, or other public authority that is already trusted by your OS / application (which is handled separately by your Java client, curl, postman, etc.) then it will “just work”.
If you are issuing certificates from an internal / private certificate authority, you can also make that work. You would need to update your browser, java, curl, etc. trust stores so that they trust your internal issuing authority.
The instructions for configuring curl to trust your internal/private certificate authority are in the link you posted. Give it a read.