Generate the server keystore and export the server's key
keytool -genkey -keyalg RSA -alias alias -keystore app.keystore
Export the cert and convert it to PEM for the client app
keytool -export -alias alias -keystore app.keystore -file exported-der.crt
openssl x509 -out exporter-pem.crt -outform pem -in exported-der.crt -inform der
Generate the client cert
keytool -genkey -keyalg RSA -alias clientCert -keystore client.keystore
keytool -export -alias clientCert -keystore client.keystore -file exported-client-der.crt
Import the client cert into the server's truststore
keytool -import -alias clientCert -keystore app.truststore -file exported-client-der.crt
For non-Java apps, extract the client's private key using Portecle to make it available to the app
Add the server's key to the client's truststore, e.g. keytool -import........
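
A check worth running after the import steps, as an added example that is not part of the original notes: it reads the default (non -v) `keytool -list` output and confirms that the truststore holds the expected alias as a trusted certificate and no key entries. The function name audit_truststore and the sample listing are constructed for illustration; app.truststore and clientCert are the names used above.

```shell
#!/bin/sh
# Real use (file and alias names from the steps above):
#   keytool -list -keystore app.truststore | audit_truststore clientCert

# audit_truststore EXPECTED_ALIAS   (keytool -list output on stdin)
# Exit 0: alias present as trustedCertEntry and no key entries in the store.
# Exit 1: the store contains a PrivateKeyEntry or SecretKeyEntry.
# Exit 2: the expected alias is not present as a trusted certificate.
audit_truststore() {
    awk -v want="$1" '
        # keytool treats aliases as case-insensitive, so compare lowercased.
        BEGIN { want = tolower(want) }
        # Entry lines look like: alias, <date>, <entry type>,
        /, (trustedCertEntry|PrivateKeyEntry|SecretKeyEntry),[ \t]*$/ {
            n = split($0, f, /, */)
            alias = tolower(f[1]); type = f[n - 1]
            printf "%-20s %s\n", alias, type
            if (type != "trustedCertEntry") { bad++ }
            else if (alias == want) { found = 1 }
        }
        END {
            if (bad)    { print "FAIL: key material in truststore"; exit 1 }
            if (!found) { print "FAIL: alias " want " not trusted"; exit 2 }
            print "OK: " want " present, no key entries"
        }
    '
}

# Constructed sample listing (not output captured from a real store).
SAMPLE_LISTING='Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

clientcert, Jan 1, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): AA:BB:CC:DD'

printf '%s\n' "$SAMPLE_LISTING" | audit_truststore clientCert
```

A PrivateKeyEntry in a truststore usually means the whole keystore was copied or imported instead of the exported certificate.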