Thanks for the tips guys.
I think the problem lies with the conversion to a Java Keystore. I've sucessfuly done it just last week when the intermediate was X1 but now the cert chain is missing.
I can convert it to jks with the X3 intermediate but now the root is missing.
Any handy command line resources to convert the pfx to jks? So i can verify what is wrong? Thanks.
This problem is also discussed here How to use the certificate for Tomcat - #24 by vlott
For some weird reason, ended up having to create the cert chain again this way...
openssl pkcs12 -in certificate-all.pfx -out clientcert.pem -nodes -clcerts cat clientcert.pem lets-encrypt-x3-cross-signed.pem dst-root-ca-x3.pem >> clientcertchain.pem openssl pkcs12 -export -in clientcertchain.pem -out clientcertchain.pfx keytool -importkeystore -srckeystore clientcertchain.pfx -srcstoretype pkcs12 -destkeystore clientcertchain.jks -deststoretype JKS