When the server uses a certificate chain, all the certificates are saved to permanent or temporary trust store, but com.cloveretl.gui.server.util.ConfigurableX509TrustManager.checkServerTrusted() only works for single certificates, not for certificate chains. It explicitly checks if testedCerts.length == 1.
We could relax the condition to testedCerts.length > 0 and test only the first certificate (search if it's present in one of the provided trust stores).
Or we could create a TrustManagerFactory, intialize it with each trust store and call X509TrustManager.checkServerTrusted() with the whole certificate chain.
See chain.jks, it contains a certificate chain (virt-gray -> intermediate CA -> root CA) from virt-gray.