Huge problems switching SSL sertificate

[av4x]

I have been trying unsuccessfully for a few weeks to replace an SSL certificate in our TM1/PAW/Cognos environment, but I just can’t get it to work. The server was originally set up by an employee who no longer works here, and I’ve tried to identify all the necessary keystores where the SSL certificate is stored — I believe I’ve found them all. To make things even more complicated, we introduced a new root and sub CA along with the new certificate, and these also need to be added to the environment.
We are using Planning Analytics Workspace 2.1.4 and Planning Analytics Spreadsheet Services 2.1.4. with mirantis and docker.
As far as I can tell, we are using CAM authentication. I have identified the following keystores:

C:\TM1 Installationsdateien\Planning Analytics Workspace 2.1.4\config\ssl\pa-workspace.pem
C:\ibm\cognos\certificates\customKeystore.pfx
C:\ibm\cognos\analytics\configuration\certs\CAMKeystore
C:\ibm\tm1_64\bin64\ssl\ibmtm1.kdb

What I have tried so far:

1. Adding the new key, the new SSL certificate, and the root and sub CA certificates in the correct order to the pa-workspace.pem file.
2. Importing the new SSL certificate, root CA, and sub CA into customKeystore.pfx.
3. Importing the new SSL certificate (with the label encryption) as well as the root and sub CA into the CAMKeystore.
4. Importing the new root and sub CA into ibmtm1.kdb.

When I try to open Planning Analytics in the browser, the new certificate is presented correctly, but the services no longer start cleanly, and I can no longer reach the login screen.

I am VERY grateful for any tips — I am slowly getting desperate.

[av4x]

Okay, I think I've made huge progress. After replacing the SSL certificate and the root and sub CAs, I can now log in to the browser. However, when I click on Reports and then select a server, another authentication window opens that didn't appear before. Does that mean there's another place where I have to enter SSL, root/sub?