Execute the following command to generate the CSR:
Code Block language powershell
keytool -certreq -alias certalias -file newcertreq.csr -keystore newkeystore.jks
As mentioned before, use the same alias here that you used during the keystore creation process.
You will be asked to give the keystore password. Once the password is given, the command will output the newcertreq.csr file to the <PRODUCT_HOME>/repository/resources/security/ directory. This is the CSR which you must submit to a CA.
Now you must provide this CSR file to the CA. For testing purposes, try the 90 days trial SSL certificate from Comodo.
It is preferable to have a wildcard certificate or multiple domain certificates if you wish to have multiple subdomains like gateway.thilinasampledomain.org, publisher.thilinasampledomain.org, identity.thilinasampledomain.org, etc., for the deployment. For such requirements you must modify the CRS request by adding subject alternative names. Most of the SSL providers give instructions to generate the CSR in such cases.
After accepting the request, a signed certificate is provided along with several intermediate certificates (depending on the CA) as a bundle (.zip).
Panel title Sample certificates provided by the CA (Comodo)
The Root certificate of the CA:
SSL Certificate signed by CA: