Comment by KronisLV

Honestly, the most approachable way will be to use something like Keystore Explorer: https://keystore-explorer.org/

Alternatively, this guide focuses on Apache2 configuration but also goes through the certs https://www.openlogic.com/blog/mutual-authentication-using-a... (it’s a little dated though)

Here’s also something a bit more recent for Nginx https://darshit.dev/posts/two-way-ssl-nginx/