Jim_24689
Aug 21, 2013

two way SSL and Trusted Certificate Authorities

Hello -

I understand that when a client presents a certificate, it can be verified as having been issued by a trusted CA. What I don't know how to do is create the bundle of trusted CAs, or of a single CA. For example, how does one get Verisign's certificate, i.e. the certificate to include in a bundle that indicates Verisign is trusted?

Thanks in advance.

 

4 Replies

  • You need the base64 "PEM" versions of the CA certificates. If you open them up in a text editor, they'll start with "-----BEGIN CERTIFICATE-----" and end with "-----END CERTIFICATE-----". The easiest way to get these, at least in Windows, is to first install it and then export it as base64. Once you have all of the CA certificates in base64, simply create a text file and add the text of each to the file, including the BEGIN and END headers/footers. Import this file as your CA bundle in the client SSL profile.

    Also note that in order to validate a client certificate, you must have all of the CA certificates in the path from the issuer to the root. Example:

    CA root -> subordinate CA -> issued client certificate


  • If I understand this correctly, I need to convert the client certificate (which is in .crt & .key format) into the base64 PEM format.

    .crt and .key are just file extensions. If it is ASCII format, you may open the file with a text editor and check what format it is. There is information about file formats on sslshopper.com below.

    https://www.sslshopper.com/ssl-converter.html

    Hope this helps.


  • Just to be clear, we're talking about the CA certs. You'll never have a copy of the private key, just the public certificate. If you open that cert up with a text editor, you'll either see gobbledygook - which would be the "DER" binary-encoded format - or PEM, which will start with "-----BEGIN CERTIFICATE-----" and contain several lines of ASCII characters. This is the format you need. Take this text, plus the PEM-formatted text of all of the other CAs, and put that into a single text file. Example:

    -----BEGIN CERTIFICATE-----
    dhduejdushsudhsksjsjssnsjdnd
    JsjdjdnjssjshavggbajHaukagHa
    ...
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    dhduejdushsudhsksjsjssnsjdnd
    JsjdjdnjssjshavggbajHaukagHa
    ...
    -----END CERTIFICATE-----
    

    This will be your CA bundle file.
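The two replies above (the PEM-vs-DER check and the "concatenate the CA certs into one text file" recipe) can be turned into a small script. The following Python is an added example, not code from this thread or from F5, and it uses only the standard library. It assumes nothing about BIG-IP; the certificate bodies it builds are constructed placeholders (base64 of a short string), not real certificates. It detects whether a file is PEM or DER, wraps DER in PEM armour, pulls every CERTIFICATE block out of the input, rejects the two mistakes a bundle must not contain (a private key block, or the wrong armour characters, which most parsers would silently ignore), and writes a de-duplicated bundle.

```python
"""Assemble and sanity-check a CA bundle (PEM text) with the standard library only.

Hypothetical helper code, not F5's or DevCentral's. Sample inputs are constructed,
not real certificates.
"""
import base64
import binascii
import re
import ssl

# Real PEM armour is five hyphens on each side of the label (RFC 7468).
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL
)
# Common copy-paste mistake: wrong armour characters; a parser would skip the block entirely.
BAD_ARMOUR = re.compile(r"=+ *BEGIN CERTIFICATE *=+")


def detect_format(data: bytes) -> str:
    """Return 'PEM', 'DER' or 'unknown' for raw file contents (.crt/.cer are only extensions)."""
    if b"-----BEGIN " in data:
        return "PEM"
    if data[:1] == b"\x30":  # DER: the outer ASN.1 SEQUENCE tag
        return "DER"
    return "unknown"


def der_to_pem(der: bytes) -> str:
    """Wrap DER bytes in PEM armour (stdlib helper; it does not validate the bytes)."""
    return ssl.DER_cert_to_PEM_cert(der)


def extract_certificates(pem_text: str) -> list:
    """Return the base64 body of every CERTIFICATE block; raise on anything a CA bundle must not hold."""
    if BAD_ARMOUR.search(pem_text):
        raise ValueError("wrong PEM armour; use five hyphens: -----BEGIN CERTIFICATE-----")
    certs = []
    for match in PEM_BLOCK.finditer(pem_text):
        label, body = match.group(1), match.group(2)
        if "PRIVATE KEY" in label:
            raise ValueError("bundle contains a private key; a CA bundle holds public certificates only")
        if label != "CERTIFICATE":
            continue  # CRLs or other block types are not part of the trust bundle
        body = "".join(body.split())
        try:
            base64.b64decode(body, validate=True)
        except binascii.Error as exc:
            raise ValueError(f"certificate block is not valid base64: {exc}") from exc
        certs.append(body)
    return certs


def build_bundle(*pem_files: str) -> str:
    """Concatenate every CERTIFICATE block from the given PEM texts into one bundle, dropping duplicates."""
    seen, out = set(), []
    for text in pem_files:
        for body in extract_certificates(text):
            if body in seen:
                continue
            seen.add(body)
            lines = [body[i:i + 64] for i in range(0, len(body), 64)]
            out.append("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n")
    return "".join(out)


def _fake_cert_pem(name: str) -> str:
    """Constructed placeholder: base64 of a byte string, NOT a real certificate."""
    body = base64.b64encode(f"constructed sample, not a real certificate: {name}".encode()).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


# Constructed sample inputs: a "root" and a "subordinate" CA, plus a key block that must be rejected.
ROOT_PEM = _fake_cert_pem("root CA")
SUB_PEM = _fake_cert_pem("subordinate CA")
KEY_PEM = "-----BEGIN PRIVATE KEY-----\nQUJD\n-----END PRIVATE KEY-----\n"

if __name__ == "__main__":
    # The root is passed twice to show that duplicates are dropped.
    bundle = build_bundle(ROOT_PEM, SUB_PEM, ROOT_PEM)
    print(f"bundle holds {len(extract_certificates(bundle))} certificate(s)")
    print(bundle)
```

For a real bundle, replace the constructed inputs with the exported root and subordinate CA files (every CA in the path from the issuer to the root, as the first reply says) and write the returned string to the file you import into the client SSL profile.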

  • Bmohanak, a certificate bundle is basically a text file that you create and import.