Help & Support
Generate CSR in Apache Tomcat using Keytool
During the online enrollment process you will be required to provide Entrust Certificate Services with a Certificate Signing Request (CSR).
This encrypted data is generated from your server, and contains information about your company and Web server.
Part 1 – Create a Certificate Keystore
keytool -genkey -alias
- Always specify your keystore location when it is being created.
- If you are renewing your certificate, you must create a new key pair and keystore.
- Please use the same alias when creating your CSR and installing your certificate that you use to create your self-signed keystore.
As an example:
[root@digicert root]# keytool -genkey -alias myalias -keysize 2048 -keyalg RSA -keystore c:\.mykeystore.jks Enter keystore password: password What is your first and last name? [Unknown]: www.testcertificates.com What is the name of your organizational unit? [Unknown]: Entrust CS What is the name of your organization? [Unknown]: Entrust What is the name of your City or Locality? [Unknown]: Ottawa What is the name of your State or Province? [Unknown]: Ontario What is the two-letter country code for this unit? [Unknown]: CA Is CN=www.testcertificates.com, OU=Entrust CS, O=Entrust, L=Ottawa, ST=Ontario, C=CA correct? [no]: yes Enter key password for (RETURN if same as keystore password):
Ensure that you take note of the password that is entered and use it when generating the CSR in Part 2.
Part 2 – Generating the Certificate Signing Request
keytool -certreq -keyalg RSA -alias
Please use the same alias when creating your CSR and installing your certificate that you use to create your self-signed keystore.
As an example:
[root@digicert root]# keytool -certreq -keyalg RSA -alias myalias -file certreq.txt -keystore c:\.mykeystore Enter keystore password:
Paste this CSR into text file. The CSR should look similar to this:
-----BEGIN NEW CERTIFICATE REQUEST----- MIIBujCCASMCAQAwejELMAkGA1UEBhMCQ0ExEDAOBgNVBAgTB09udGFyaW8xDzANBgNVBAcTBk90 dGF3YTEQMA4GA1UEChMHRW50cnVzdDETMBEGA1UECxMKRW50cnVzdCBDUzEhMB8GA1UEAxMYd3d3 . . . 5w6T+q/f+wIDAQABoAAwDQYJKoZIhvcNAQEEBQADgYEAF+0hqAqXumz/vGrzGVhKHlnxd7HW3ezS GIbIUcOy1YdDc/1ZCqRpu3utYIZ6welK++l+QjlbL6p5RJJETkkLKXjb/WVFajNuPl7Yob9pbwA7 JBrCCKbFj+kzDNbGhCR1RgFA9vQj5vob41Vj+k+TQchliuTLL9rFXNDHrtgTMtA= -----END NEW CERTIFICATE REQUEST-----