same problem here. But I'd like to propose the alternative approach of using IntelliJ's own CA/server certificate management

I'm lacking knowledge on how to convince JRuby to use the system's CA store for this, therefore I add the "help-wanted" label to this issue.

Another option that might work (feel free to call it workaround):

I assume the kroki-fetch-diagram has been set to avoid calling the Kroki server when serving the final page, and instead store the file at build time with the Antora site.

There is the possibility of the .asciidoctorconfig file that allows users to configure settings that are only used to configure the preview, which could then override the value to something that works with the preview.

Please give the following steps a try:

• in the antora-playbook.yml change the setting to kroki-fetch-diagram: '@' which will make it soft-set, which then allows it to be overwritten in the next step
• Add a .asciidoctorconfig file which needs to be located in a folder that's a parent to the document being edited.
• Add :kroki-fetch-diagram!:, which will unset the attribute for the preview in the plugin, so it is disabled for the IDE preview.

This should enable the preview use a image URL with the encoded diagram. I hope that this would use the system's CA store (haven't tried it as I'm lacking such a setup).

Please let me know if this second option works for you. I'll then add both options to the documentation.

In addition, I'll leave this issue open for a volunteer to pick it up to connect the JRuby mechanism to the JetBrain's certificate management that has been extended to use also the system's certificates, or to connect the JRuby mechanism to use system certificates.

The trick with .asciidoctorconfig works.

Another simple workaround that works for me is to remove kroki-fetch-diagram from antora-playbook.yml and pass it to antora through command line: antora --attribute kroki-fetch-diagram=true

There is now a pull request #1313