In addition to the standard X509 *.cer certificates there are also certificate files ending with *.PFX or *.P12.The later ones are X509 certs as well, but may in addition contain a private key, too.PFX was a Microsoft extension, while P12 was the Netscape one.
Generating from Scratch using OpenSSL
1. Generate a 2048-bit RSA private key
$ openssl genrsa -out private_key.pem 2048
This will generate a key file in traditional key format also called ssLeay private key format.
2. Convert private Key to PKCS#8 format (so Java can read it)