Steps to set up Mutual Authentication: KeysIssue Generate a Private key pair on your side: keytool -genkey -alias ServiceNow_alias -keyalg RSA -validity 365 -keystore myKeystore.keystore -storepass pass123 -keypass pass123 Extract the Public certificate yourPublicCert.cer from the above keystore: keytool -export -alias ServiceNow_alias -keystore myKeystore.keystore -storepass pass123 -file yourPublicCert.cer Convert yourPublicCert.cer to yourPublicCert.pem: openssl x509 -inform der -in yourPublicCert.cer -out yourPublicCert.pem Supply the extracted Public Certificate yourPublicCert.pem to your third-party so that they can add it to their Trust Store. Now, prepare your keystore for Mutual Authentication: Convert the third-party's public certificate 3rdPublicCert.pem to 3rdPublicCert.cer: openssl x509 -outform der -in 3rdPublicCert.pem -out 3rdPublicCert.cer Import the third-party's public certificate 3rdPublicCert.pem into above-created Customer's Private key pair Keystore: keytool -import -alias Puppet -keystore myKeystore.keystore -file 3rdPublicCert.cer This keystore is now ready to be used for Mutual Authentication. Advise the customer to get their keystore certified by a CA, otherwise, it remains self-signed which is not recommended.Related LinksHelpful KB for debugging Mutual Authentication: KB0696599 - Debugging Mutual Authentication Mutual Authentication Overview: KB0691876 - Mutual Authentication: Overview