During the online enrollment process you will be required to provide Entrust Certificate Services with a Certificate Signing Request (CSR).

This encrypted data is generated from your server, and contains information about your company and Web server.

Part 1 – Create a Certificate Keystore

keytool -genkey -alias -keyalg RSA –keysize 2048 -keystore mykestore.jks

As an example:

[root@digicert root]# keytool -genkey -alias myalias -keysize 2048 -keyalg RSA -keystore c:\.mykeystore.jks
Enter keystore password: password
What is your first and last name?
[Unknown]: www.testcertificates.com
What is the name of your organizational unit?
[Unknown]: Entrust CS
What is the name of your organization?
[Unknown]: Entrust
What is the name of your City or Locality?
[Unknown]: Ottawa
What is the name of your State or Province?
[Unknown]: Ontario
What is the two-letter country code for this unit?
[Unknown]: CA
Is CN=www.testcertificates.com, OU=Entrust CS, O=Entrust, L=Ottawa, ST=Ontario, C=CA correct?
[no]: yes

Enter key password for 
(RETURN if same as keystore password):

Ensure that you take note of the password that is entered and use it when generating the CSR in Part 2.

Part 2 – Generating the Certificate Signing Request

keytool -certreq -keyalg RSA -alias -file certreq.csr -keystore yourdomain.jks

As an example:

[root@digicert root]# keytool -certreq -keyalg RSA -alias myalias -file certreq.txt -keystore c:\.mykeystore
Enter keystore password:

Paste this CSR into text file. The CSR should look similar to this:

-----BEGIN NEW CERTIFICATE REQUEST-----
MIIBujCCASMCAQAwejELMAkGA1UEBhMCQ0ExEDAOBgNVBAgTB09udGFyaW8xDzANBgNVBAcTBk90
dGF3YTEQMA4GA1UEChMHRW50cnVzdDETMBEGA1UECxMKRW50cnVzdCBDUzEhMB8GA1UEAxMYd3d3
.
.
.
5w6T+q/f+wIDAQABoAAwDQYJKoZIhvcNAQEEBQADgYEAF+0hqAqXumz/vGrzGVhKHlnxd7HW3ezS
GIbIUcOy1YdDc/1ZCqRpu3utYIZ6welK++l+QjlbL6p5RJJETkkLKXjb/WVFajNuPl7Yob9pbwA7
JBrCCKbFj+kzDNbGhCR1RgFA9vQj5vob41Vj+k+TQchliuTLL9rFXNDHrtgTMtA=
-----END NEW CERTIFICATE REQUEST-----