Thursday, June 20, 2013

PKI (public key infrastructure)

Public-key cryptography is a cryptographic technique that enables users to securely communicate on an insecure public network, and reliably verify the identity of a user via digital signatures.

The sender and the receiver each have a key pair consisting of a private key and a public key.

To send an encrypted message, the sender encrypts it with the receiver's public key.
Before that, he can create a signature using his own private key.

The receiver decrypts the message using his own private key.
To verify the signature and authenticate the sender, he uses the sender's public key.




Certificate Signing Requests (CSRs)
A CSR consists mainly of the public key of a key pair, and some additional information. Both of these components are inserted into the certificate when it is signed.

Whenever you generate a CSR, you will be prompted to provide information regarding the certificate. This information is known as a Distinguished Name (DN). An important field in the DN is the Common Name (CN), which should be the exact Fully Qualified Domain Name (FQDN) of the host that you intend to use the certificate with.
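
The following is an added example, not part of the original post. It assumes the OpenSSL command-line tool is installed, generates a key pair and CSR without the interactive prompts, and then checks that the CSR carries the matching public key and the intended CN. The host name `www.example.com`, the organization name and the RSA 2048 key type are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example. www.example.com and "Example Org" are constructed placeholders.

# make_csr FQDN DIR: create DIR/FQDN.key (private key, stays on the host)
# and DIR/FQDN.csr (public key + DN, sent to the CA). -subj supplies the DN
# so openssl does not prompt for it interactively.
make_csr() {
    ( umask 077   # files created here are not readable by other users
      openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$2/$1.key" -out "$2/$1.csr" \
          -subj "/C=US/O=Example Org/CN=$1" 2>/dev/null )
}

# csr_cn CSR: print the Common Name from the CSR's Distinguished Name.
csr_cn() {
    openssl req -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# csr_pubkey_matches CSR KEY: succeed if the public key embedded in the CSR
# is the public half of the given private key.
csr_pubkey_matches() {
    [ "$(openssl req -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# csr_check CSR KEY FQDN: checks worth running before submitting to a CA:
# the CSR's self-signature verifies, it belongs to our key, and CN == FQDN.
csr_check() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    csr_pubkey_matches "$1" "$2" || return 1
    [ "$(csr_cn "$1")" = "$3" ]
}

demo_dir=$(mktemp -d)
make_csr www.example.com "$demo_dir"
csr_check "$demo_dir/www.example.com.csr" "$demo_dir/www.example.com.key" \
    www.example.com && echo "CSR OK: CN=$(csr_cn "$demo_dir/www.example.com.csr")"
rm -rf "$demo_dir"
```

Only the `.csr` file is sent to the certificate authority; the `.key` file never leaves the host.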

