The following is an example on how to generate a certificate directly on a Linux server using keytool, then sign it by a windows CA. The example assumes we are regenerating a certificate for a glasfish domain.
STEP 1: Delete the old certificate
In glasfish in each domain where security is activated we have a keystore.jks keystore where the https certificate used by the glasfish domain is stored.
To delete the old s1as certificate if it exists.
#keytool -delete -keystore keystore.jks -alias s1as
STEP 2: Generate new key for alias s1as
#keytool -genkey -alias s1as -keyalg rsa -keysize 1024 -validity 3650 -keystore keystore.jks
STEP 3: Generate a certificate request for alias s1as
#keytool -certreq -alias s1as -keystore keystore.jks -file certreq.pem
STEP 4: Sign the certificate request for alias s1as with the CA
Sign the certificate in your Windows CA. Export it from there with full cert chain (binary, pkcs#7 with Certificate chain)
STEP 5: Import the signed certificate for alias s1as in the keystore
#keytool -import -alias s1as -file signed.p7b -keystore keystore.jks