I want to connect AWS Certificate Manager to fetch a public / private certificates from my Java application could be deployed on AWS or outside as well. The certificates are for MongoDb Atlas SSL Connections.

I have tried GET Certificate API for self-signed certificates which does not return me the private key (just the .pem encoded certificate and certificate chain). But in order to use this certificate from Java client for secure connection MongoDB, I need the private key as well to convert it to proper JKS / PFX format.

At the moment I do not have access to a private certificate for Export Certificate API which by documentation gives the private key as well which is needed to convert the certificate to PFX / JKS format.

Also, I am using OPENSSL for converting the .PEM encoded certificate to PFX / JKS format but in this case, I have to do it from Java code itself.

So I have two questions:

1. How do I fetch private key from AWS Certificate manager (for public/ self-signed certificates) so that I can convert it to PFX format?
2. Is that the correct way to convert PFX/JKS format (from Java code instead of using openssl from terminal) or am I missing something?