Java Web Server

Generating a Certificate Signing Request (CSR) using Java Based Web Servers

Please note, as of January 2011, all CSR’s must be generated with a key length of 2048

Use the keytool command to create the key file:
keytool -genkey -keyalg RSA -keystore domain.key -validity 360 (NOTE validity may vary)

The following questions will be asked if not known:

  • Enter keystore password: (NOTE remember this for later use).
  • What is your first and last name?
  • This is the Common Name (Domain Name).
  • What is the name of your organizational unit?
  • What is the name of your organization?
  • What is the name of your City or Locality?
  • What is the name of your State or Province?
  • What is the two-letter country code for this unit?

You will then be asked if the information is correct.
Is, OU=Your Organizational Unit, O=Your Organization, L=Your City, ST=Your State, C=Your Country correct?

When you answer ‘y’ or ‘yes’ the password is then requested.
Enter key password for <mykey>.
Note: Make a note of this password.
<mykey> is the default alias for the certificate.

Use the keytool command to create the CSR file.
keytool -certreq -keyalg RSA -file domain.csr -keystore domain.key

You will be prompted to enter the password.
Enter keystore password:

If the password is correct then the CSR is created. If the password is incorrect then a password error is displayed. You will need the text from this CSR when requesting a certificate.