When we require a new CA certificate for the API platform, the security team will sometimes provide a pfx file that includes CA keys and certs.
A PFX file, also known as PKCS #12, is a single, password-protected certificate archive that contains the entire certificate chain plus the matching private key. Essentially it is everything that any server will need to import a certificate and private key from a single file.
We need to convert the PFX certificate to Java keystore for API TLS authentication.
For users who are using Windows with gitbash, you might experience the openssl command hung forever. If that happens, please try to use winpty to start another bash terminal to execute the openssl command.
Get the key from the PFX file; this key is later used for p12 keystore (change the highlighted part)
The above steps will create a client.truststore, and a server.keystore for One-Way SSL. If the API platform uses Two-Way SSL, then simply implement the same steps above for server.truststore and client.keystore.