Hi Hubert,
please check if the CA issuing the final certificate is already contained in either cacerts and/our your local JKS Truststore file (default in your case).
The cert itself (the P12 file) needs to be imported as Keystore Alias into your IS (might be needed as a Truststore Alias additionally depending on the outcome of the check from my first question).
Hopefully the cert file and the P12 file are pointing to the same CA/cert.
Remember to clear the SSL cache and/or restart the IS after making changes to the keystore and truststore files.
When implementing the SOAPClient Call you need to invoke a pub.security:setKeyAndChain before the pub.client:soapClient or you can check if you can assign the Keystore and Truststore Aliases directly to the pub.client:soapClient service inputs.
Please check for the IS Administrators Guide and the IS Built-In-Services Reference for further informations.
Regards,
Holger