The use of RedHat 9 as a base image (ubi9) for Sonatype images introduces a change in support for SHA-1 signed SSL certificates.
By default RHEL9 has disabled support for this less secure algorithm.
Ideally, your CA should be signing your certificate with a more secure algorithm. However, if the use of SHA-1 is unavoidable, it is possible to build a custom image with a simple dockerfile that enables the use of SHA-1
For example:
FROM sonatype/nexus-iq-server
USER root
# enabling back support for SHA1 signed certificates
RUN update-crypto-policies --set DEFAULT:SHA1