export from Keychain Access, Maybe

You'll have to use the openssl command to do it. It's complex but here's an example of how it should be used.

openssl pkcs12 -export -in usercert.pem -inkey userkey.pem -out bundle.p12

That requires the original private key for the certificate plus the .pem file obtained from Apple.

Hi @jouwstrab

I'm not sure if you can use the same process as creating a P12 for the the JSS Tomcat cert, if it is these are the steps i took.

Create a CSR from Keychain Access:
Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority
-Make sure the Server name is correct
(This will create a public and private key within the login keychain, you'll use the private key in step 3)

Request the certificate using the CSR you just created:
Open the CSR with a text editor then select all of the text and paste it into the request on your certificate provider

Create a new Keychain:
Keychain Access > Create New Keychain
(remember the password you use to create it)

Import the certs to the new Keychain:
Download the certificate from your certificate provider, i suspect this part may be different for your needs as i chose
the certs for Tomcat, this gave me a folder with 3 certificates in it, 2 of those certs i dragged into the new Keychain,
the one cert i didn't drag in was name gdig2.crt.

Import the private key:
Highlight the Login Keychain and locate the private key with the same details as you you used to create the CSR,
drag that into your new keychain that has the 2 certs in already.

Export to P12:
Highlight all of the items in your new keychain, right click and choose Export and choose P12 as the format.

@May Thank you! That solution worked for me :)

Is this solution for on prem, cloud or both?