There are two steps involved with using SSL.
1) The first step is you create the private and public key and the certificate. You can do this with the
java keytool command. This will store the private key, public key and certificate in the keystore. You can then tell your web server to use this keystore and you can start using SSL. This is known as a self-signed certificate. If someone connects to your web site with a self signed certificate they will get a warning message that will say something like "This site is untrusted, do you wish to continue?"
Maybe this OK if you want to use SSL internally. At my work, most internal servers with SSL are setup this way. We just ignore the warning messages.
Now if you want users to be able to go your web site without a warning message, you must get a CA to sign your certificate. You can use the java keytool command to create a CSR (Certificate Signing Request). This creates a small file that you send to the CA. The CSR only contains the public part of the certificate. Remember you never want anyone to to have access to your private key. After the CA signs the request, they will send you back a file. You can then use the keytool command again to import that file into the keystore. After you do this, your certificate will contain a signature of the CA. Now when users connect to your web site, they will not get the warning message.
There is a good book about this. I have sitting on my desk at work and I am at home now so I cannot give you title until Monday morning. In the book, it shows how to do each step with the keytool command.