This example assumes that the keystore is named keystore.jks, the certificate file is server.cer, and the CA file is cacerts.jks. To get your certificate digitally signed by a CA:
Generate a Certificate Signing Request (CSR).
keytool -certreq -alias server-alias -keyalg RSA -file csr-filename -keystore cacerts.jks |
Send the contents of the csr-filename for signing.
If you are using Verisign CA, go to http://digitalid.verisign.com/. Verisign will send the signed certificate in email. Store this certificate in a file.