Since I am a java guy I am also posting this query in the java forum.
When we use the -genkey argument the keytool "generates a key pair (a public key and associated private key). Wraps the public key into an X.509 v1 self-signed certificate, which is stored as a single-element certificate chain".
When we use the -selfcert argument the keytool "generates an X.509 v1 self-signed certificate, using keystore information including the private key and public key associated with alias".
If -genkey generates a self signed certificate what does -selfcert do? I can't understand what actually happens between -genkey and -selfcert. What does self sign mean in both the case?
-genkey generates a private and public key in addition to creating a cert. -selfcert creates a cert using a specified key. A self-signed certificate means that the certificate chain does not lead to a Certification Authority (CA) who validates you are who you say you are. A user who encounters a self-signed cert in an applet or web server will be notified that the certificate is questionable. Have a look on the page you linked, the section marked "Certificate Chains" for more.