When you create a new keypair using Portecle, it includes a self-signed certificate. To replace the self-signed certificate with a CA-signed certificate, generate a CSR for the keypair and submit the CSR to the CA. The CSR contains the public key and the name of the server in a format defined by the public-key cryptography standards #10 (PKCS10), which is typically given the P10 or CSR file name extension.
After you verify the applicant identity, the CA sends you a certificate you can use to replace the self-signed certificate in the keypair, as shown below.
This CA Reply (or CSR Reply) is typically an X.509 certificate file with a CER, CRT, PEM, or DER extension or a PKCS7 file with a P7B extension.