Charles 4.6.2, macos 12.1

Following this page, https://www.charlesproxy.com/documentation/using-charles/ssl-certificates/

I tried the following steps:

1. help->ssl proxying->save charles root cert
2. find where java lives: /usr/libexec/java_home
3. cd /Library/Java/JavaVirtualMachines/zulu-11.jdk/Contents/Home/lib/security
4. sudo keytool -import -alias charles -file  ~/Documents/charles-ssl-proxying-certificate.pem. THis prompts for 3 passwords, which I created new/radom passwords for (dont know what they are)
5. start java thusly: java -jar aem-publish-p4503.jar -Dhttp.proxyHost=127.0.0.1 -Dhttp.proxyPort=8888
6. in charles proxy->ssl proxy settings Check Enable proxy settings.
7. Add URLs in "include" which the java server will call with port 443.

Now when my java app tries to hit api end points I added to the SSL proxying location, I get the following in the charles proxy sequence output:

URL https://npxx.net
Status  Failed
Failure SSL handshake with client failed: An unknown issue occurred processing the certificate (certificate_unknown)
Notes   You may need to configure your browser or application to trust the Charles Root Certificate. See SSL Proxying in the Help menu.
Response Code   200 Connection established
Protocol    HTTP/1.1

In java logs, I see this:

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"

NOTE: the external end point the local java process is hitting has a wild card Multi SAN cert from comodo

=== UPDATE 1 ====

I found an undocumented way to add certificates, in charles proxy, there are some cert install options under help:

Help->SSL proxying->Install Charles Root Cert.

This does nothing. Presume it doesnt work on mac

Help->SSL proxying->Install cert on Java VMs

This does work, and prompts for password, then says complete, but doesnt help.