Ok, I found the answer to the second portion of my question; so I thought I would post it.
1. Assume that you have a client cert in PEM format called client.pem.crt.
2. Assume that you have a CA root cert also in PEM format called cacert.pem.crt.
3. Assume that you have a client private key in PEM format called client.pem.privkey.
4. First, verify that the client cert was signed by the cacert.pem.crt file. Execute:
openssl verify -CAfile C:\test\cacert.pem.crt client.pem.crt
Response:
client.pem.crt: OK
5. If the response is ok, then proceed by combining the client private key and client cert into a single pkcs12 file which includes the CA Chain from the cacert.pem.crt file. Execute:
openssl pkcs12 -export -chain -CAfile C:\test\cacert.pem.crt -in client.pem.crt -inkey client.pem.privkey -out client_caChain.p12
Thats all there is to it. If you want to import this pkcs12 file into a jks file (Java KeyStore), just use the jdk keytool utility or better yet the handy KeytoolGUI utility (
http://www.waynegrant.info/keytool.html).
Hope someone else can use this info.
-MLA