If you are given an mTLS client certificate in the JKS (Java key store) format, you can use the following commands to turn it into a regular PEM file to use with OpenSSL and other tools.

keytool -importkeystore -srckeystore keystore.jks -destkeystore output.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass pass1234

openssl pkcs12 -in output.p12 -out output.pem -nodes

The keytool utility will ask you to pick a password for the P12 key store as well. And the openssl command will ask you to enter the same password back. After this, output.pem will not require a password to use.

If the tool you are using needs the certificate and the private key to be in separate files, you can split the PEM file into key and certificate files using these commands.

openssl pkey -in output.pem -out private.key

openssl x509 -in output.pem -out certificate.crt