GemFire: Supported SSL options

Article ID: 433332

Products

VMware Tanzu GemFire

Issue/Introduction

In GemFire, ssl-keystore-type and ssl-truststore-type specify the format of your security certificates in gemfire.properties or gfsecurity.properties. What other options besides "JKS" are supported? Would the JVM support other options like PKCS12?

Environment

All supported GemFire and JDK versions.

Resolution

While the default for both ssl-keystore-type and ssl-truststore-type is "JKS" (Java KeyStore), alternatives like "pkcs12" (the modern standard) or other provider-specific formats are supported.

The native client requires them in the clear PEM format. Thus you need to be able to generate private/public key pairs in either format and convert between the two using the keytool utility and the openssl command. The exact configuration in this case would use ssl-keystore and ssl-truststore as described here.

In addition to these, other formats supported by non-default JSSE providers (like Bouncy Castle) are accepted. You would need to register the security provider with the Java runtime environment before the GemFire SSL context is initialized. When using a custom provider, you must ensure these properties in your gfsecurity.properties file match the provider's specifications exactly.

For example:

| Property | Typical Default | Custom Example (Bouncy Castle) |
|---|---|---|
| ssl-keystore-type | jks | BKS or BCFKS |
| ssl-truststore-type | jks | BKS or BCFKS |
| ssl-protocols | any | TLSv1.3 (if provider-specific) |
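
A pre-flight check for the requirement above that the store types in gfsecurity.properties match what the JVM's registered providers accept. This is an added example, not code from the article or from GemFire; the class name SslStoreCheck and the optional provider-class argument are hypothetical, and it assumes the GemFire properties ssl-keystore-password and ssl-truststore-password alongside the ones named above.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.Properties;

/** Hypothetical helper: can this JVM open the stores named in gfsecurity.properties? */
public class SslStoreCheck {

    // Loads one store ("keystore" or "truststore") with its configured type
    // and returns the number of entries found in it.
    static int check(Properties p, String kind) throws Exception {
        String path = p.getProperty("ssl-" + kind);
        String type = p.getProperty("ssl-" + kind + "-type", "JKS"); // JKS is the default
        String pass = p.getProperty("ssl-" + kind + "-password");
        if (path == null) {
            throw new IllegalArgumentException("ssl-" + kind + " is not set");
        }
        // Throws KeyStoreException when no registered provider implements this type,
        // for example BCFKS without the Bouncy Castle provider registered.
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            // Throws IOException on a wrong password or a file this type cannot parse.
            ks.load(in, pass == null ? null : pass.toCharArray());
        }
        System.out.printf("ssl-%s: type=%s provider=%s entries=%d%n",
                kind, type, ks.getProvider().getName(), ks.size());
        return ks.size();
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 1) {
            System.err.println("usage: SslStoreCheck <gfsecurity.properties> [provider class]");
            System.exit(2);
        }
        // Optional: register a non-default provider first, mirroring the requirement
        // that it be registered before the GemFire SSL context is initialized.
        if (args.length > 1) {
            Provider extra = (Provider) Class.forName(args[1])
                    .getDeclaredConstructor().newInstance();
            Security.addProvider(extra);
        }
        Properties p = new Properties();
        try (InputStream in = new FileInputStream(args[0])) {
            p.load(in);
        }
        check(p, "keystore");
        check(p, "truststore");
    }
}
```

Run it with the same JVM and classpath as the GemFire member; for Bouncy Castle the provider class to pass is org.bouncycastle.jce.provider.BouncyCastleProvider.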