The next step is to get the node certificate signed by your CA. To do this you must generate a Certificate Signing
Request (CSR) with the
keytool -certreq command:
The resulting file —
node01.csr — is your Certificate Signing Request, or CSR file.
Send the CSR file to the Certificate Authority for signing. The Certificate Authority will sign the certificate and return a signed version of the certificate. See Signing a CSR if you are running your own Certificate Authority.
When running multiple nodes on the same host, the same signed certificate can be used on each node or a unique certificate can be requested per node if your CA supports multiple certificates with the same common name.