Generating a Certificate Signing Request (CSR) using Java Based Web Servers
Use the keytool command to create the key file:
keytool -genkey -keyalg RSA -keystore domain.key -validity 360 (NOTE validity may vary)
The following questions will be asked if not known:
- Enter keystore password: (NOTE remember this for later use).
- What is your first and last name?
- This is the Common Name (Domain Name).
- What is the name of your organizational unit?
- What is the name of your organization?
- What is the name of your City or Locality?
- What is the name of your State or Province?
- What is the two-letter country code for this unit?
You will then be asked if the information is correct.
Is CN=www.yourdomain.com, OU=Your Organizational Unit, O=Your Organization, L=Your City, ST=Your State, C=Your Country correct?
When you answer ‘y’ or ‘yes’ the password is then requested.
Enter key password for <mykey>.
Note: Make a note of this password.
<mykey> is the default alias for the certificate.
Use the keytool command to create the CSR file.
keytool -certreq -keyalg RSA -file domain.csr -keystore domain.key
You will be prompted to enter the password.
Enter keystore password:
If the password is correct then the CSR is created. If the password is incorrect then a password error is displayed. You will need the text from this CSR when requesting a certificate.