certificate is created using the csr file which contains enough information about the dns for which certificate will be authorized. you can also decode the csr using the link: https://www.sslshopper.com/csr-decoder.html . The csr also contains public key generated by the keystore .jks file. and this keystore contains private & public key. Alias is kind of unique tag for a keystore file. you can download & install keystore explorer to explore more options for keystore with the link: https://keystore-explorer.org after installing it when you want to update the certificate which was generated with same keystore & csr you can simply use import from CA reply > from file and select the updated certificate file to update the certificate in keystore.