You need to obtain the root and any intermediary certificates along with the device certificate. You may find it easier converting it into pkcs12 format so that it can be imported into WAS easily though there are other approaches.
I created a self signed certificate using openssl and converted is follows.
Run command from the same directory that has the RSA and end certificates.
openssl pkcs12 -export -out collaborationben.p12 -inkey collaborationben.key -in collaborationben.cert
enter password twice
You will need to add the root and then the intermediary certificates to SSL certificate and key management > Key stores and certificates > CellDefaultKeyStore > Personal certificates > Signer certificates.
The in personal certificates add the device cert. You should then see that the the chain is complete.
Add the wildcard certificate to the cell trust store so the nodes can communicate with each other otherwise you see errors in the node agent systemouts.
You will then need to instruct the inbound and outbound servers to use the certificate making sure you override the inherited values.