and there is this part which completely baffled me:
If your server certificate is self-signed, you must install it in the Application Server keystore file (keystore.jks). If your client certificate is self-signed, you should install it in the Application Server truststore file (cacerts.jks).
Can someone explain what a self-signed certificate is? Do I need to install it at the server end? Will that do? I will be using Tomcat and most likely try Amazon for hosting.
Every SSL security cert has to be digitally signed before it is usable. Certs are based on a "chain of trust", where each cert in the chain is vouched for by the next one until finally you reach the end of the chain - or, if you prefer, the top of the tree. There are a dozen or so master certs hard-coded into pretty much every SSL application.
So, for example, your cert may carry the signature of "Fred's Internet Services, LLC", and Fred may be vouched for by Google.com. The Java keytool application that Tim Moores mentioned can display the entire chain.
To get a cert signed, you have to submit a Certificate Signing Request (CSR) to an authorized registrar. The registrar will return to you a signed cert, which you would then install into whatever application(s) use it.
If you use a self-signed cert you're basically saying "Trust Me! I'm who I say I am". Which is fine when you just need SSL in-house or with people who know you, but you shouldn't accept self-signed cert verification from strangers.
Bjoke: A "Bully Joke". A Statement or action made with malicious intent - unless challenged. At which point it magically transforms into "I was just funnin'" or "What's the matter, can't take a joke?"
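To make the answer above concrete, here is an added example (not code from the original thread or from Tomcat) that builds a miniature chain of trust with openssl: a self-signed "registrar" (root CA), a server cert issued from a CSR, and a self-signed server cert for contrast. It then shows that whether a cert is "trusted" depends purely on what the verifying side holds in its trust store, which is exactly what the quoted docs mean by installing a self-signed cert into the truststore. The names "Demo Root CA" and "localhost", the scratch directory, and the unencrypted demo keys (`-nodes`) are this example's own assumptions.

```shell
# Added example (not from the original thread): a toy chain of trust built
# with openssl. Names, paths and the unencrypted keys are demo assumptions.
set -eu

WORK="${TMPDIR:-/tmp}/selfsigned-demo.$$"   # constructed scratch dir
trap 'rm -rf "$WORK"' EXIT

# Build the demo PKI once; safe to call repeatedly.
setup_pki() {
    [ -f "$WORK/self.crt" ] && return 0
    mkdir -p "$WORK"

    # 1. Our own "registrar": a root CA. Its cert is self-signed, which is
    #    what the top of every chain looks like.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Demo Root CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null

    # 2. The server's key plus a Certificate Signing Request (CSR): the CSR
    #    is what you would send to a real registrar.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=localhost" \
        -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null

    # 3. The CA vouches for the CSR and hands back a signed server cert
    #    (chain: server.crt -> Demo Root CA).
    openssl x509 -req -days 365 -in "$WORK/server.csr" \
        -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
        -out "$WORK/server.crt" 2>/dev/null

    # 4. For contrast: a self-signed server cert, which vouches for itself.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=localhost" \
        -keyout "$WORK/self.key" -out "$WORK/self.crt" 2>/dev/null
}

# Subject and issuer of a cert (keytool -printcert shows the same fields).
issuer_of()  { openssl x509 -in "$1" -noout -issuer  | sed 's/^issuer=//'; }
subject_of() { openssl x509 -in "$1" -noout -subject | sed 's/^subject=//'; }

# A self-signed cert names itself as its own issuer.
is_self_signed() { [ "$(subject_of "$1")" = "$(issuer_of "$1")" ]; }

# Succeeds iff CERT chains up to an anchor in TRUSTFILE, i.e. iff the
# verifying side already has that anchor in its trust store. This is the
# same decision a browser or a Java truststore makes.
chains_to() {   # chains_to CERT TRUSTFILE
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Stand-alone run: show the three outcomes.
setup_pki
for c in ca.crt server.crt self.crt; do
    printf '%s: subject=%s issuer=%s\n' "$c" \
        "$(subject_of "$WORK/$c")" "$(issuer_of "$WORK/$c")"
done
chains_to "$WORK/server.crt" "$WORK/ca.crt" \
    && echo "CA-signed server cert: trusted via ca.crt"
chains_to "$WORK/self.crt" "$WORK/ca.crt" \
    || echo "self-signed server cert: NOT trusted via ca.crt"
chains_to "$WORK/self.crt" "$WORK/self.crt" \
    && echo "self-signed server cert: trusted only once it is in the trust store"
```

The last two lines are the whole point: the self-signed cert fails verification against a store that only holds the CA, and passes only when the verifier has been given that exact cert in advance. For the Tomcat question, the keytool equivalents are `keytool -printcert -file server.crt` to inspect subject and issuer, and `keytool -importcert -alias demo-ca -file ca.crt -keystore cacerts.jks` to place an anchor into a truststore; a stranger's browser has no such entry for your self-signed cert, which is why it cannot distinguish yours from one an impostor generated with the same CN.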