# generate the private key in a new keystore
keytool -genkeypair -noprompt -alias server_cert -dname CN="<CommonName>, OU=<Org Unit>, O=<Org>, L=<City>, ST=<State>, C=<Country>" -keyalg RSA -keysize 2048 -keypass OurPassword -keystore keystore.jks -storepass OurPassword
# create the csr file
keytool -certreq -noprompt -alias server_cert -file server.csr -keystore keystore.jks -keypass OurPassword -storepass OurPassword
# get your CSR submitted and the signed certificate saved as server_cert.pem
# import the intermediate CA certificate
keytool -importcert -noprompt -alias intermediate -file intermediate.cer -keystore keystore.jks -storepass OurPassword
# import the root CA certificate
keytool -importcert -noprompt -alias root -file root.cer -keystore keystore.jks -storepass OurPassword
# import the signed certificate
keytool -importcert -noprompt -alias server_cert -file server_cert.cer -keystore keystore.jks -storepass OurPassword
# confirm you now have three certs in the keystore
keytool -v -list -keystore keystore.jks