SSLHandshakeException while establishing communication from Spring Boot service to 3rd party API using p12 keystore
Question
From our Spring Boot application we need to connect to a 3rd party service, and we have the p12 certificate provided by the third party vendor.
I was able to successfully establish communication with this service via browser and Postman client just by importing the p12 certificate as a pfx file.
Now I am trying to import or use this P12 certificate in my service to communicate.
But I keep getting the following error.
feign.RetryableException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Methods that I tried:
- Using OpenSSL commands, extracted the certificates and imported a JKS truststore from the p12 file in one of my folders using keytool:
  -Djavax.net.ssl.keyStoreType=pkcs12
  -Djavax.net.ssl.keyStore=C:\thirdparty.p12
  -Djavax.net.ssl.keyStorePassword=<pwd>
  -Djavax.net.ssl.trustStoreType=jks
  -Djavax.net.ssl.trustStore=C:\\thirdparty.jks
  -Djavax.net.ssl.trustStorePassword=<pwd>
- Created a custom Feign configuration as specified in https://dzone.com/articles/ssl-based-feignclient-example-in-java-microcervice
- Just imported the p12 certificate in the Dockerfile and tried running the Docker container:
  RUN cd /usr/lib/jvm/java-1.8-openjdk/jre/bin && keytool -importkeystore -deststorepass changeit -destkeypass changeit -destkeystore cacerts -deststoretype pkcs12 -srckeystore thirdparty.p12 -srcstoretype PKCS12 -srcstorepass <pwd>
Everything gives the same error.
I think I am missing something that could be very simple too.
Questions:
- When I have the p12 file from the vendor, do I need a separate truststore created for this?
- Is there a way I can just use the p12 and the password to establish the communication?
- Do I need to do the configuration at service level or at Feign client level?
Thanks in advance.
Answer 1
Score: 1
- Open the URL in your browser and export the certificate.
- Find the location of the cacerts file:
  Example: C:\Program Files (x86)\Java\jre1.6.0_22\lib\security\cacerts
- Import the .cer file into cacerts on the command line (the path contains spaces, so it must be quoted):
  keytool -import -alias example -keystore "C:\Program Files (x86)\Java\jre1.6.0_22\lib\security\cacerts" -file example.cer
  Note: if asked for a password, enter: changeit
- Restart your JVM/PC.
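The question asks whether the p12 alone is enough and whether to configure at service or Feign client level, and the answer above imports the server certificate into the JVM-wide cacerts. As an added example (not code from this thread, from Feign or from Spring), the following builds one SSLContext from the vendor p12 (client identity) plus a separate truststore and scopes it to a single Feign client, and first lists what the p12 actually contains; the class VendorTls, its helpers and the file names are assumptions.

```java
import feign.Client;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Assumed helper (not from the thread or from Feign): the vendor p12 supplies the client identity, a
// separate store supplies the server trust anchors, and the SSLContext goes to one Feign client only.
public final class VendorTls {
    static KeyStore load(String path, String type, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }
    // Check what the p12 actually holds: TrustManagerFactory uses trusted-certificate entries as anchors
    // (from a key entry only its own leaf, never the issuing CA), so a p12 with just a PrivateKeyEntry cannot fix the PKIX error.
    static void describe(KeyStore ks) throws Exception {
        for (String alias : Collections.list(ks.aliases())) {
            Certificate[] chain = ks.getCertificateChain(alias); // null for trusted-cert entries
            String kind = ks.isKeyEntry(alias) ? "PrivateKeyEntry" : "TrustedCertificateEntry";
            System.out.println(alias + ": " + kind + (chain == null ? "" : ", chain of " + chain.length));
        }
    }
    static SSLContext build(KeyStore keyStore, char[] keyPassword, KeyStore trustStore) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyPassword); // client certificate presented for mutual TLS
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);            // trust is limited to this store; the JVM cacerts stays untouched
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }
    public static void main(String[] args) throws Exception {
        char[] pwd = args[2].toCharArray(); // usage: thirdparty.p12 vendor-truststore.jks <pwd>
        KeyStore identity = load(args[0], "PKCS12", pwd);
        describe(identity);
        SSLContext ctx = build(identity, pwd, load(args[1], "JKS", pwd));
        // The default hostname verifier is kept. With Spring Cloud OpenFeign, return this Client from a
        // @Bean in the class named by @FeignClient(configuration = ...), or pass it to Feign.builder().client().
        Client client = new Client.Default(ctx.getSocketFactory(), HttpsURLConnection.getDefaultHostnameVerifier());
        System.out.println("Scoped Feign client built: " + client.getClass().getName());
    }
}
```

Because the PKIX error is about the server's chain, the truststore passed as the second argument must hold the vendor's server CA certificates; the client p12 normally does not contain them.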
Answer 2
Score: 0
Thanks for your input, Amit Kumar.
Yes, it works by importing the certificates in the truststore and providing the keystore as I mentioned in my question.
But Spring Boot JPA Hikari is automatically trying to verify the trust certificates that I provided on the Java command line, and hence the server was not coming up.
Trying to resolve that problem now.