I figured it out, here is what I did to fix it, you probably ought to have instructions on this on the documentation so that users know how to do it.
1. Save the ALM certificate, you can do this from any web browser, you navigate to the site, in this case ALM then you click the lock icon in the top of the browser bar and select "view certificates" it should allow you to export that certificate as a ".cer" file.
2. Once you have the certificate someone with access to the Jenkins server will need to load that certificate and add it as a trusted certificate into the jenkins "cacerts" file. On my Jenkins server it is using the embedded jre in Jenkins and the cacerts file is located at "C:\Program Files (x86)\Jenkins\jre\lib\security" but this may be different on your jenkins server.
3. You can use java keytool or "keystore explorer" to add that certificate as "trusted" to the cacerts file that jenkins uses, the default password for all cacerts files is "changeit"