Description of problem:
Step 1 is the CA (or a concatenation of CA+SubCAs). This is not clear and is very important, otherwise it wont work. In fact, it looks like the Certs on Step 1 and Step 3 are the same file. They are not.
It is not obvious to everyone that /etc/pki/ca-trust/source/anchors contains the CA.
I suggest to change
# cp YOUR-3RD-PARTY-CERT.pem /etc/pki/ca-trust/source/anchors
# cp YOUR-3RD-PARTY-CA-CHAIN.pem /etc/pki/ca-trust/source/anchors
Thanks, Germano. I've added this to the catch-all feedback bug for this procedure, BZ#1416232. Feel free to add any other feedback there.
*** This bug has been marked as a duplicate of bug 1416232 ***