To install a signed certificate, you generate a certificate request using a certificate editing tool and send the request to the CA (the same issuing entity as specified on the trusted root). After receiving the X.509-compliant signed certificate back from the CA, you again use the certificate editor and install the certificate into the keystore.
Setting up a keystore file is one of the first steps needed for configuring a
Broker component for SSL. For step-by-step instructions on configuring a keystore, see
Configuring SSL for
Broker Server and
Creating Keystores and
Truststores.