What is the best way to generate Certificate Signing Request using AndroidKeyStoreProvider?

Question

I read this article.

It says how to generate a KeyPair, however it doesn\'t specify how to generate a Certificate Signing Request based on the generated

Answer 1

Regarding generating a CSR (certificate sign request) on the android phone, I think it is rather straightforward to use Spongycastle instead. It is an android port of Bouncycastle.

Suppose I finally get certificate signed by a Certificate Authority. What exactly should I do to "replace the certificate at a later time"?

Once you have the actual signed certificate which you are supposed to get from the CA (Certificate Authority), you no longer need your CSR; you should just store the signed certificate on the phone. Where to save them - I guess you can get help here.