Personally, I think the best approach would be a hybrid Java and Mendix solution, built the request via Mendix (mapping domain to XML), fire the request in java attaching the correct certificate, and then parse the response XML in Mendix using a XML to domain mapping. That way you keep most stuff within Mendix and only fire the request in the Java action.