I was successfully able to update a certificate chain using restman for a Private Key that already existed in my gateway. Apologies, I was incorrect in my previous post by including 'import' in the uri. Please also note that you need to do a PUT to update an existing key, in contrast to doing a POST to import a new one. Here is what I had to do:
1) Export the existing Private Keys by doing a GET on:
https://petwi04-ssg920-1:8443/restman/1.0/privateKeys
2) Extract the XML within the <l7:PrivateKey> tag for the Private Key that you want to modify("democlient" in my example)
3) Add the xmlns reference to the first line of the XML. Mine looked like this:
<l7:PrivateKey alias="democlient" keystoreId="00000000000000000000000000000002" id="00000000000000000000000000000002:democlient" xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
4) Modify the XML to reflect the change you want to make. I removed a certificate from the certificate chain by editing out everything(including the tags) from one of the <l7:CertificateData></l7:CertificateData> entries
5) Do a PUT to the '1.0/privateKeys/{id}' uri using the modified XML as the payload. This is the full URL I used:
https://petwi04-ssg840-1.ca.com:8443/restman/1.0/privateKeys/00000000000000000000000000000002:democlient
The end result here was that the certificate I manually edited out of the XML for this Private Key was removed from the Certificate Chain when I viewed the Private Key in the Policy Manager.