Customer Service | mail Send Email

Generate CSR in Apache Tomcat using Keytool

Help & Support

 

SHOULD YOU NEED ANY ASSISTANCE?
Kindly contact us

Generate CSR in Apache Tomcat using Keytool

During the online enrollment process you will be required to provide Entrust Certificate Services with a Certificate Signing Request (CSR).

This encrypted data is generated from your server, and contains information about your company and Web server.



Part 1 – Create a Certificate Keystore

keytool -genkey -alias -keyalg RSA –keysize 2048 -keystore mykestore.jks

Important:
  • Always specify your keystore location when it is being created.
  • If you are renewing your certificate, you must create a new key pair and keystore.
  • Please use the same alias when creating your CSR and installing your certificate that you use to create your self-signed keystore.

As an example:

[root@digicert root]# keytool -genkey -alias myalias -keysize 2048 -keyalg RSA -keystore c:\.mykeystore.jks
Enter keystore password: password
What is your first and last name?
[Unknown]: www.testcertificates.com
What is the name of your organizational unit?
[Unknown]: Entrust CS
What is the name of your organization?
[Unknown]: Entrust
What is the name of your City or Locality?
[Unknown]: Ottawa
What is the name of your State or Province?
[Unknown]: Ontario
What is the two-letter country code for this unit?
[Unknown]: CA
Is CN=www.testcertificates.com, OU=Entrust CS, O=Entrust, L=Ottawa, ST=Ontario, C=CA correct?
[no]: yes

Enter key password for 
(RETURN if same as keystore password):

Ensure that you take note of the password that is entered and use it when generating the CSR in Part 2.



Part 2 – Generating the Certificate Signing Request

keytool -certreq -keyalg RSA -alias -file certreq.csr -keystore yourdomain.jks

Important:

Please use the same alias when creating your CSR and installing your certificate that you use to create your self-signed keystore.

As an example:

[root@digicert root]# keytool -certreq -keyalg RSA -alias myalias -file certreq.txt -keystore c:\.mykeystore
Enter keystore password:

Paste this CSR into text file. The CSR should look similar to this:

-----BEGIN NEW CERTIFICATE REQUEST-----
MIIBujCCASMCAQAwejELMAkGA1UEBhMCQ0ExEDAOBgNVBAgTB09udGFyaW8xDzANBgNVBAcTBk90
dGF3YTEQMA4GA1UEChMHRW50cnVzdDETMBEGA1UECxMKRW50cnVzdCBDUzEhMB8GA1UEAxMYd3d3
.
.
.
5w6T+q/f+wIDAQABoAAwDQYJKoZIhvcNAQEEBQADgYEAF+0hqAqXumz/vGrzGVhKHlnxd7HW3ezS
GIbIUcOy1YdDc/1ZCqRpu3utYIZ6welK++l+QjlbL6p5RJJETkkLKXjb/WVFajNuPl7Yob9pbwA7
JBrCCKbFj+kzDNbGhCR1RgFA9vQj5vob41Vj+k+TQchliuTLL9rFXNDHrtgTMtA=
-----END NEW CERTIFICATE REQUEST-----
( RATING: 3.4  /  VOTES: 5 )