When we require a new CA certificate for the API platform, the security team will sometimes provide a pfx file that includes CA keys and certs.
A PFX file, also known as PKCS #12, is a single, password-protected certificate archive that contains the entire certificate chain plus the matching private key. Essentially it is everything that any server will need to import a certificate and private key from a single file.
We need to convert the PFX certificate to Java keystore for API TLS authentication.
Get the key from the PFX file; this key is later used for p12 keystore (change the highlighted part)
The above steps will create a client.truststore, and a server.keystore for One-Way SSL. If the API platform uses Two-Way SSL, then simply implement the same steps above for server.truststore and client.keystore.