all you need is OpenSSL and Java 7+!
First, let's generate a key from the PFX file; this key is later used for p12 keystore.
openssl pkcs12 -in example.pfx -nocerts -out example.key
Second command is almost the same, but it is about nokey and a crt this time to export the Certificates:
openssl pkcs12 -in example.pfx -clcerts -nokeys -out example.crt
Now, we have a key and and a crt file. The next step is to create a truststore, like so:
keytool -import -file example.crt -alias exampleCA -keystore truststore.jks
For the question: "Do you trust this certificate?" answer "yes," so it is then added in the truststore.
If you only need a truststore, you can stop here.
The last step is to create a keystore, like so:
openssl pkcs12 -export -in example.crt -inkey example.key -certfile example.crt -name "examplecert" -out keystore.p12
This p12 keystore is enough in many cases. However, if you still need a JKS keystore, you need one additional command:
keytool -importkeystore -srckeystore keystore.p12 -srcstoretype pkcs12 -destkeystore keystore.jks -deststoretype JKS