What you need is not a client certificate but a certificate authority; see the documentation here. Typically, the person who is in control of the REST API, or the server it is hosted on, can supply you with the correct certificate.
From the documentation on the sandbox environments here, it seems that you will not be able to configure this on a sandbox, so either you need to upgrade to a paid tier, or the team controlling the REST API needs to add a certificate from a recognized certificate authority.