SSL

use Keystore Explorer (http://www.keystore-explorer.org/downloads.html)

Create private key, send CSR

install certificate into keystore

install any intermediate and root certificates

make sure the certificate chain is in place. Double click on the certificate, and make sure you see the hierarchy


Make sure you add the root certificate to a truststore (so that you trust it!). The default one is <JRE>/lib/security/cacerts.