While I have no idea what you are trying to achieve, I am guessing here.
My guess is that you need a client certificate to identify the client connecting to the web service.
Please remember this - your fellow forum members is not a resource - and this information - you could easily have found it yourself.
As developer you must be used to dig and read documentation to be able to complete the task at hand.
I you are like me - you use a lot of time to educate yourself to stay ahead an keep being an asset to your employer 
So based on my guess - I used the information from
This lead to the file:///usr/share/ca-certificates/trust-source/README
So to extracting the certificate using openssl storing it in a new PEM file (if the extractions fails - append the -legacy option)
openssl pkcs12 -in cert.pfx -clcerts -out cert.pem [-legacy]
To extract also the private key (again - if this fails - append -legacy option)
openssl pkcs12 -in cert.pfx -nodes -out cert.pem [-legacy]
A pfx file is usually password protected, so input the password when challenged.
Copy the extracted file to
sudo cp cert.pem /usr/share/ca-certificates/trust-source/anchors/
And update the trust
sudo update-ca-trust