Which is the correct way to use javax.ws.rs.client.Client for SSL connections with .p12 file?

Our application should make use of javax.ws.rs.client.Client (whose implementation is provided by resteasy-jaxrs-3.0.19.Final.jar) to perform an HTTP POST request to an external service whose URL starts with https.The developers of the external service provided us a .p12 file to be used as certificate. First of all we run the command

openssl pkcs12 -info -in file.p12 -out filecertificate.crt -nodes

to generate the .cert file and tried to connect to the HTTPS service by this command, according to the specifications received from the providers of the service:

curl --cert /home/ec2-user/filecertificate.crt  --location 'https://veryverylongurl?client_id=effYyJAMjw49TdOg' --header 'X-Gravitee-Api-Key: x-y-z-k' --header 'Content-Type: application/json' --header 'Authorization: Basic Base64encodeddata' --data 'json object here'

This connections succeedes and now we must replicate the same thing inside our product in Java via the library indicated before. That's our code:

public DtoDiscoveryServiceToken getTokenByCredential(String baseURI, String clientId, String apiKey, String certificatePassword, byte[] signature, String user, String password) {        final String credentials = user+":"+password;        final DtoDiscoveryServiceTokenInput dtoDiscoveryServiceTokenInput = new DtoDiscoveryServiceTokenInput(true);        Client newClient = null;        try {            KeyStore keyStore = KeyStore.getInstance("PKCS12");            keyStore.load(new ByteArrayInputStream(signature), certificatePassword.toCharArray());            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());            keyManagerFactory.init(keyStore, certificatePassword.toCharArray());            SSLContext sslContext = SSLContext.getInstance("SSL");            sslContext.init(keyManagerFactory.getKeyManagers(), null, null);            newClient = ClientBuilder.newBuilder()                    .sslContext(sslContext)                    .build();        } catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException | CertificateException | IOException | UnrecoverableKeyException e) {            e.printStackTrace();        }        Response response = newClient                .target(baseURI)                .path("veryverylongurl?client_id={clientId}")                .resolveTemplate("clientId", clientId)                .request(MediaType.APPLICATION_JSON)                .header("X-Gravitee-Api-Key", apiKey)                .header(HttpHeaders.AUTHORIZATION, "Basic "+Base64.getEncoder().encodeToString(credentials.getBytes()))                .accept(MediaType.APPLICATION_JSON)                .post(Entity.json(dtoDiscoveryServiceTokenInput));        try {            if (response.getStatusInfo().getFamily() != Response.Status.Family.SUCCESSFUL) {                throw new WebApplicationException(response.getStatusInfo().getReasonPhrase(), response.getStatus());            }            boolean hasEntity = response.hasEntity();            if(hasEntity) {                return response.readEntity(DtoDiscoveryServiceToken.class);            }            else {                return null;            }        } finally {            response.close();        }    }

where:

• user and password are the credentials of the standard user which must authenticate to the service
• certificatePassword is the password of the p12 file provided by the service developers
• signature is the p12 file loaded from database as array of bytes
• apiKey is the header X-Gravitee-Api-Key: x-y-z-k you can see in the curl command
• clientId is the identifier to be injected in the URL (the one of previous curl command)
• baseURI is the HTTPS uri of the server hosting the service.
• DtoDiscoveryServiceTokenInput is an object to be serialized as JSON to pass as data (always see the curl command)

The code does not work and we get simply a 400 Bad Request without further details. So, how shall we implement the previous code? Shall we use the .p12 file or the .cert one? Shall we perform some transformations on the files before proceeding with the call to the URL?