I am trying to do a self-signed certificate for my local application for testing purposes. I managed to create a p12 keystore from which a server certificate and a private key were generated. My server starts just fine. I used openssl and keytool.
The client application needs a trusted certificate.
How do I generate this file? I tried a lot on the internet and did not find anything useful.
You can use either.
keytool -exportcert -keystore ksfile.p12 [-alias name] [-rfc] [-file file]
You can use the abbreviation -export for -exportcert. If you omit -file, output is to standard output, which you can redirect or pipe in the usual way. If you don't specify -rfc the output is DER; if you do the output is PEM. PEM is usually better for copying to other systems, although most things that import certs nowadays can accept either DER or PEM. If you omit -file and don't redirect and thus output to your terminal (console, etc), PEM works but DER is always unusable and sometimes screws up your terminal/display/whatever.
openssl pkcs12 -in ksfile.p12 -nokeys -clcerts [-out file]
outputs the certificate(s) in PEM (no option for DER here, although some other OpenSSL functions have DER options). If you omit -out, output is to standard output. If you have only one entry in the keystore, this will be the correct one. If you have multiple entries, this outputs all of them, and you must look at the 'comments' about friendlyname, issuer, and subject to identify the correct one.
See the man page on your system (man pkcs12, or in recent versions man openssl-pkcs12) or on the web.
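
The openssl export above, run end to end on a throwaway keystore, as an added example that is not part of the original answer; the file names, the alias server and the password changeit are constructed for the demo. It checks that the exported PEM carries the server's certificate and no private key, which is what makes it safe to hand to the client.

```shell
#!/bin/sh
# Added example: export only the certificate from a PKCS#12 keystore and
# check the result before giving it to a client.
# File names, alias "server" and password "changeit" are constructed.

# make_demo_p12 DIR: build a throwaway self-signed key + cert in DIR/ksfile.p12
make_demo_p12() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
        -keyout "$dir/key.pem" -out "$dir/orig.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$dir/key.pem" -in "$dir/orig.pem" \
        -name server -passout pass:changeit -out "$dir/ksfile.p12"
}

# export_cert P12 OUT: the openssl command from the answer, made non-interactive
export_cert() {
    openssl pkcs12 -in "$1" -nokeys -clcerts -passin pass:changeit \
        -out "$2" 2>/dev/null
}

# has_private_key FILE: succeeds if FILE contains any PEM private key block
has_private_key() {
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"
}

# fingerprint FILE: SHA-256 fingerprint of the first certificate in FILE
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# check_export DIR: run the whole flow in DIR.
# Returns 0 only if the exported file holds the server's cert and no key.
check_export() {
    dir=$1
    make_demo_p12 "$dir" || return 1
    export_cert "$dir/ksfile.p12" "$dir/server-cert.pem" || return 1
    has_private_key "$dir/server-cert.pem" && return 2
    [ "$(fingerprint "$dir/server-cert.pem")" = "$(fingerprint "$dir/orig.pem")" ] \
        || return 3
}

demo=$(mktemp -d)
check_export "$demo" && echo "certificate exported, no private key in output"
rm -rf "$demo"
```

Only server-cert.pem goes to the client; ksfile.p12 and key.pem stay on the server.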