So i’m using a standard SSL cert like any other server would have (with a cert for the domain, and intermediate cert)
The following combines the intermediate & server cert into one. Goes in order of your server cert first, followed by intermediate, next intermediate (if needed), etc.
sudo cat my-domain.crt intermediate.crt > cert-chain.txt
These then convert the chain cert & key into a pkcs12 format
openssl pkcs12 -export -inkey my-domain.key -in cert-chain.txt -out my-domain.pkcs12
This then uses the pkcs12 file and imports it into your keystore. I used a new keystore as i’ve only got the one domain on the Jetty server
sudo keytool -importkeystore -srckeystore my-domain.pkcs12 -srcstoretype PKCS12 -destkeystore keystore
These came from a number of Stack Overflow articles (accidentally closed them prior to writing this — sorry guys!)