Java
programmerjava, 2016-07-08 12:39:23

SSL for Tomcat?

Hello, I cannot bind the chain of intermediate certificates.
The fact is that I have a Tomcat web server (embedded, used by the Spring Boot framework for the Java language),
and it only reads keystores created by the keytool utility.
The utility has a limitation: it cannot add an already existing private key to the storage.
So I first use openssl to import an existing certificate in PKCS12 format:

openssl pkcs12 -export -in certificate.crt -inkey private.key -out keystore.p12 -name my.centr-i.ru -CAfile ca.pem -caname root

Next, I use the keytool utility:
keytool -importkeystore -deststorepass *** -destkeystore keystore.kdb -srckeystore keystore.p12 -srcstoretype PKCS12 -srcstorepass *** -alias my.centr-i.ru

I can already use the created keystore.kdb file successfully and most browsers will show
that the connection is secure.
However, when accessing through mobile browsers, a terrible warning is shown that the connection is not secure.
At the same time, investigation showed that HTTPS fails from mobile platforms only on this site (that is, interception of traffic by security programs is ruled out as a reason).
The utility at SSL Labs ( https://www.ssllabs.com/ssltest/ ) reports the cause as an incomplete chain.
Next, I try to import an intermediate certificate into the existing keystore.kdb:
keytool -import trustcacerrts intermediate.crt -keystore keystore.kdb

In this case, the utility asks for a password for the keystore. I enter it correctly and nothing else happens.
The storage file does not change. There is no output. No activity. You can wait a long time. If you
press Ctrl+C, an error is displayed:
java.lang.Exception: Input not an X.509 certificate

The error says that the format is different. But everything was done according to the manual https://www.nic.ru/dns/service/ssl/pdf/INSTALL_tom...
Please help me to bind the certificate correctly
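
An added example (not part of the original post), going beyond the commands above: it builds a constructed root, intermediate and leaf with openssl and compares a PKCS12 export made with the question's `-CAfile`/`-caname` options against one that also passes `-chain`. The file names, subject names and the password `changeit` are assumptions for the demo.

```bash
#!/bin/sh
# Added example. All keys, certificates and names below are constructed throwaway test data.
set -eu

# Print how many certificates a PKCS12 file carries: count_p12_certs <file> <password>
count_p12_certs() {
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null | grep -c 'BEGIN CERTIFICATE'
}

# Sign <name>.csr with <issuer>.crt/<issuer>.key: sign <name> <issuer> [extra x509 options...]
sign() {
  n=$1; ca=$2; shift 2
  openssl x509 -req -in "$n.csr" -CA "$ca.crt" -CAkey "$ca.key" -CAcreateserial \
    -days 1 -out "$n.crt" "$@"
}

# Create root -> intermediate -> leaf in <dir>, then export the leaf twice (runs in a subshell).
build_demo() (
  cd "$1"
  printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' '[dn]' 'CN=unused' \
    '[ca]' 'basicConstraints=critical,CA:TRUE' > demo.cnf
  for n in root int leaf; do
    openssl ecparam -name prime256v1 -genkey -noout -out "$n.key"
  done
  openssl req -x509 -new -config demo.cnf -extensions ca -key root.key \
    -subj '/CN=Demo Root' -days 1 -out root.crt
  openssl req -new -config demo.cnf -key int.key -subj '/CN=Demo Intermediate' -out int.csr
  openssl req -new -config demo.cnf -key leaf.key -subj '/CN=leaf.example' -out leaf.csr
  sign int root -extfile demo.cnf -extensions ca
  sign leaf int
  cat int.crt root.crt > ca.pem
  # Same shape as the command in the question: -CAfile alone embeds no CA certificates.
  openssl pkcs12 -export -in leaf.crt -inkey leaf.key -name leaf.example \
    -CAfile ca.pem -caname root -passout pass:changeit -out no-chain.p12
  # -chain makes openssl build the chain from ca.pem and store it alongside the key.
  openssl pkcs12 -export -chain -in leaf.crt -inkey leaf.key -name leaf.example \
    -CAfile ca.pem -passout pass:changeit -out full-chain.p12
)

work=$(mktemp -d)
build_demo "$work"
echo "without -chain: $(count_p12_certs "$work/no-chain.p12" changeit) certificate(s)"
echo "with -chain:    $(count_p12_certs "$work/full-chain.p12" changeit) certificate(s)"
```

The first export holds only the leaf certificate, the second holds all three. After `keytool -importkeystore`, `keytool -list -v` reports the same count as `Certificate chain length` for the key entry.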
