After creating and signing the certificates, the final step is to import the root certificate into the client Trust Store for each server (JACE) and browser.

There is no need to import the server certificates nor the intermediate CA certificates to any Trust Stores. Each server certificate carries within in it any intermediate certificate information. If you are acting as a local CA, you will need to import the root CA certificate into the Trust Stores. However, if the server’s certificate has been signed by a well-known trusted CA whose root certificate is already in the Trust Stores, then there are no additional steps required.

For the procedure, see Set up the platform and station Trust Stores.