I got it! Before anything though, it looks like I also didn't need the "-trustcacerts" parameter in step 8 as I was not trying to import a trusted CA certificate. That was done in Step 7. It still produced the same problem afterwards, so that particular parameter, though incorrect, was not the issue.
Here's how I resolved it after correcting step 8...
1) Going back to the CA server, I went and looked at the server1.pem that was produced. I tried to validate it against the CA's certificate:
openssl verify -CAfile CA.pem server1.pem
server1.pem: /C=REDACTED/ST=REDACTED/L=REDACTED/O=REDACTED/OU=REDACTED/CN=server1.domain.com
error 18 at 0 depth lookup:self signed certificate
OK
Seemed to be a clear indication that the certificate was not properly signed by OpenSSL.
2) I tried signing it using a different command I found here:
http://www.dylanbeattie.net/docs/ope...ssl_howto.html
I received a much different set of responses from OpenSSL, including:
Sign the certificate? [y/n]
1 out of 1 certificate requests certified, commit? [y/n]
3) I tried my validate command again and got a plain "OK"
4) I now tried to import this new server1.pem using the keytool command and actually got the following error:
keytool error: java.security.cert.CertificateParsingException: invalid DER-encoded certificate data
5) When I looked at the file it seems that OpenSSL had added quite a bit of extra certificate information to the file. I deleted everything up to (but not including) the -----BEGIN CERTIFICATE----- line and tried the import one more time and it imported successfully!
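The manual cleanup in step 5 can be scripted so that keytool only ever sees the PEM block. This is an added example, not part of the original post; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: keep only the PEM certificate block from a file in which
# "openssl ca" has written a human-readable dump ahead of the certificate.

# extract_pem_cert IN OUT   (hypothetical helper name)
# Copies the single BEGIN/END CERTIFICATE block from IN to OUT.
# Returns 1 unless IN is readable and holds exactly one complete block.
extract_pem_cert() {
    in=$1
    out=$2
    [ -r "$in" ] || { echo "cannot read $in" >&2; return 1; }
    # grep -c exits non-zero on a count of 0, so mask its exit status.
    begins=$(grep -c -- '^-----BEGIN CERTIFICATE-----' "$in" || true)
    ends=$(grep -c -- '^-----END CERTIFICATE-----' "$in" || true)
    if [ "$begins" -ne 1 ] || [ "$ends" -ne 1 ]; then
        echo "expected exactly one certificate block in $in" >&2
        return 1
    fi
    # Print from the BEGIN line through the END line, dropping everything else.
    awk '/^-----BEGIN CERTIFICATE-----/ { keep = 1 }
         keep                           { print }
         /^-----END CERTIFICATE-----/   { keep = 0 }' "$in" > "$out"
}

# write_sample_ca_output PATH   (hypothetical helper name)
# Writes a constructed stand-in for the signed file: a text preamble followed
# by a PEM block. The base64 body is a placeholder, not a real certificate.
write_sample_ca_output() {
    cat > "$1" <<'EOF'
Certificate:
    Data:
        Version: 3 (0x2)
        Subject: CN=server1.example.test
    Signature Algorithm: (constructed sample)
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
EOF
}

# Usage: extract_pem_cert server1.pem server1-clean.pem
```

Running openssl x509 -in server1.pem -out server1-clean.pem performs the same cleanup, and passing -notext to openssl ca keeps the text dump out of the output file in the first place.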