diff --git a/CHANGELOG.md b/CHANGELOG.md
index 951af19a169..369666fd39f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,7 @@
 ### 4.9-SNAPSHOT
 #### Bugs
+* Fix #2163: fix kubernetes-client not support cert chain
 * Fix #2144: CRD's schema Default fields do not handle boolean and are prefixed with Raw keyword
 * KubernetesAttributeExtractor: handle possible /status subpath due to using status subresource on crd
 * Fix #2124: Raw Watch on CustomResource does not work if name specified
diff --git a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/internal/CertUtils.java b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/internal/CertUtils.java
index 449a83e07ad..6da83d24e75 100644
--- a/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/internal/CertUtils.java
+++ b/kubernetes-client/src/main/java/io/fabric8/kubernetes/client/internal/CertUtils.java
@@ -46,7 +46,9 @@ import java.security.spec.InvalidKeySpecException;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.security.spec.RSAPrivateCrtKeySpec;
+import java.util.Collection;
 import java.util.concurrent.Callable;
+import java.util.stream.Collectors;
 public class CertUtils {
@@ -107,7 +109,7 @@ public static KeyStore createTrustStore(InputStream pemInputStream, String trust
 public static KeyStore createKeyStore(InputStream certInputStream, InputStream keyInputStream, String clientKeyAlgo, char[] clientKeyPassphrase, String keyStoreFile, char[] keyStorePassphrase) throws IOException, CertificateException, NoSuchAlgorithmException, InvalidKeySpecException, KeyStoreException {
 CertificateFactory certFactory = CertificateFactory.getInstance("X509");
- X509Certificate cert = (X509Certificate) certFactory.generateCertificate(certInputStream);
+ Collection certificates = certFactory.generateCertificates(certInputStream);
 PrivateKey privateKey = loadKey(keyInputStream, clientKeyAlgo);
 KeyStore keyStore = KeyStore.getInstance("JKS");
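Review bot: The collection returned by `generateCertificates` is used without an emptiness check, which changes how certificate-less input fails in createKeyStore. The removed `generateCertificate` call rejected such input with a CertificateException, whereas the collection form is documented to return a possibly empty collection. An empty chain then reaches `KeyStore.setKeyEntry` together with a private key, which is rejected with an unchecked IllegalArgumentException that callers of this method do not declare or expect. A guard directly after this line keeps the old contract: `if (certificates.isEmpty()) { throw new CertificateException("no certificate found in client certificate data"); }`. The body of createKeyStore continues outside this hunk.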
@@ -117,8 +119,8 @@ public static KeyStore createKeyStore(InputStream certInputStream, InputStream k
 loadDefaultKeyStoreFile(keyStore, keyStorePassphrase);
 }
- String alias = cert.getSubjectX500Principal().getName();
- keyStore.setKeyEntry(alias, privateKey, clientKeyPassphrase, new Certificate[]{cert});
+ String alias = certificates.stream().map(cert->((X509Certificate)cert).getIssuerX500Principal().getName()).collect(Collectors.joining("_"));
+ keyStore.setKeyEntry(alias, privateKey, clientKeyPassphrase, certificates.toArray(new Certificate[0]));
 return keyStore;
 }
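Review bot: The new alias is joined from the issuer names of every certificate in the chain, so it no longer identifies the client certificate: two client certificates issued under the same CA chain get the same alias. Where the key store was pre-loaded from a file (the `loadDefaultKeyStoreFile` call above suggests it can be), `setKeyEntry` then silently replaces the earlier key entry. Using the subject of the first certificate (after checking the collection is not empty), `String alias = ((X509Certificate) certificates.iterator().next()).getSubjectX500Principal().getName();`, keeps the previous alias for single-certificate input. `setKeyEntry` also expects the certificate that matches `privateKey` first in the chain, while the array here takes whatever order the PEM stream had; a comment such as `// chain must be leaf-first: chain[0] carries the public key for privateKey` would record that assumption. The start of createKeyStore lies outside this hunk.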