I need both keystore and truststore jks files

Question

In order to install a self-signed certificate (DER coded) in an aws lambda layer, I would need to put it in jks file (According to the following example):

https://aws.amazon.com/blogs/compute/implementing-mutual-tls-for-java-based-aws-lambda-functions/#:~:text=The%20KeyStore%20and%20TrustStore%20are,now%20use%20the%20layer%20as%3A

But when I search how to convert it, everyone is telling that you don't export jks files, you only import certificates into keystore.

https://stackoverflow.com/a/30353086/23165387

So, it is something that I'm misunderstanding and the documentation are talking about other type of jks?

I tried referencing the der file directly in docker file like the example, but it still throws an SSL exception when i try to execute it.

ENV JAVA_TOOL_OPTIONS="-Djavax.net.ssl.keyStore=/opt/ca_cert.der -Djavax.net.ssl.keyStorePassword=changeit -Djavax.net.ssl.trustStore=/opt/ca_cert.der -Djavax.net.ssl.trustStorePassword=changeit"