A digital certificate identifies a person or a company. Digital certificates are used in a variety of places today. For example, to transmit a message securely, it must be signed with a certificate (key) so that it can be read only by the intended recipient, or so that the recipient can verify that the message really came from the identity it claims to originate from. In other words, it acts as an identification card for that identity wherever it needs to be electronically presented.
To acquire a digital certificate for your server, you need to generate a public key and a private key. Then create a Certificate Signing Request (CSR) using the public key generated before. The CSR then needs to be submitted to a certificate authority (CA). The CA will follow certain procedures before you obtain the signed digital certificate, which can then be installed in a keystore of the application server. The private keys, digital certificates and any additional trusted CA certificates all need to be stored in the keystore, so that your server can use them to verify identity as stated by the certificate. The keystore should also be password protected to safeguard the private keys and certificates against theft.
The following flowchart outlines the steps for getting a digital certificate. A variety of free and commercial tools are available for creating a private key, public key and Certificate Signing Request. Normally these tools come with the server or software for which you are trying to create the digital certificate. In the flowchart below, the Java Keytool has been used to create the artifacts.
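The steps described above, run end to end with the Java Keytool, as an added example that is not part of the original page. The aliases, file names, subject names, password and the throwaway "Demo CA" that stands in for a real certificate authority are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed demo values: aliases, file names, subject names and the password.
# keytool reads the password from the environment (-storepass:env), which keeps
# it out of the process list and shell history.
export KS_PASS="${KS_PASS:-change-me-demo-only}"

kt() {
  keytool "$@" -storetype PKCS12 -storepass:env KS_PASS -J-Duser.language=en
}

issue_demo_cert() {  # $1 = empty working directory
  d="$1"
  # 1. Key pair: generated inside the keystore; the private key never leaves it.
  kt -genkeypair -alias server -keyalg RSA -keysize 2048 -validity 365 \
     -dname "CN=www.example.test, O=Example, C=US" -keystore "$d/server.p12"
  # 2. CSR: carries the public key and subject name for the CA to sign.
  kt -certreq -alias server -file "$d/server.csr" -keystore "$d/server.p12"
  # 3. Stand-in for the CA (assumption: a local throwaway CA replaces the real
  #    one, which would receive server.csr and return server.crt).
  kt -genkeypair -alias ca -keyalg RSA -keysize 2048 -validity 365 \
     -dname "CN=Demo CA" -ext bc:c=ca:true -keystore "$d/ca.p12"
  kt -exportcert -alias ca -rfc -file "$d/ca.crt" -keystore "$d/ca.p12"
  kt -gencert -alias ca -infile "$d/server.csr" -outfile "$d/server.crt" \
     -rfc -validity 90 -keystore "$d/ca.p12"
  # 4. Install: trust the CA certificate first, then import the signed reply
  #    under the same alias as the private key so keytool builds the chain.
  kt -importcert -noprompt -alias demo-ca -file "$d/ca.crt" \
     -keystore "$d/server.p12"
  kt -importcert -alias server -file "$d/server.crt" -keystore "$d/server.p12"
  chmod 600 "$d/server.p12"  # the keystore password is not the only control
}

# Chain length stored with the private key: 1 = still self-signed,
# 2 = CA-signed certificate plus the CA certificate.
chain_length() {  # $1 = keystore path
  kt -list -v -alias server -keystore "$1" |
    sed -n 's/^Certificate chain length: //p'
}

# Run as: sh certflow.sh /path/to/empty/dir   (prints 2 when the chain is complete)
if [ -n "${1:-}" ]; then issue_demo_cert "$1" && chain_length "$1/server.p12"; fi
```

A chain length of 1 after step 4 means the signed reply was never imported and the server would still present its self-signed certificate.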