First, take the unencrypted file certificate.pfx (used on the server), and chop it up into key and PEM encoded certificate:
# openssl pkcs12 -in certificate.pfx -nodes -out certificate.key -nocerts
# openssl pkcs12 -in certificate.pfx -nodes -out certificate.pem -nokeys
Edit the certificate.key and certificate.pem files, remove the garbage before the actual key and cerfiticate.
Combine the key and certificate to a new encrypted pkcs12 file:
# openssl pkcs12 -export -in certificate.pem -inkey certificate.key -name “friendlyname” -out certificate.p12
Enter the new password.
Using Java Keytool, export the certificate from the pkcs12 file.
# keytool -export -keystore certificate.p12 -storetype pkcs12 -alias friendlyname -file server.cer
Import the certificate into a Java Key Store as a trusted certificate:
# keytool -import -keystore jssecacerts.jks -alias friendlyname -file server.cer
Enter something as keystore password and type “yes” to trust the certificate.