Creating the CSR for the JACE server certificate prepares it for signing without its private key.

For the procedure, see Create a CSR for each server certificate.

Signing the JACE server certificate is done using the private key of the intermediate certificate.

For the procedure, see Sign the server certificates using the intermediate certificates.

This step marries the signed JACE server certificate with its private key, which never left the Key Store. The green shield indicates that the JACE server certificate has been signed.