Most browsers, including Internet Explorer, require that client certificates (which includes proxy certificates) be in the PKCS12 format rather than the X509 PEM format. Additionally, Java KeyStores require certificates to be in PKCS12 format. To convert a PEM formatted certificate to PKCS12 format, you need both the certificate and the private key for that certificate. Here's a typical openssl command and the resulting interactive session when converting PEM format to PKCS12 format:

        > openssl pkcs12 -export -in cert.pem -inkey key.pem -out cred.p12
        Enter Export Password:
        Verifying - Enter Export Password:
        >

First, an explanation of the command line options:

Next, some caveats of the interactive session: