Generating a Certificate Signing Request (CSR) for Jakarta Tomcat
Step 1: Prepare your Tomcat server
If you are not using JDK 1.4 or higher, you must download and install the Java Secure Socket Extension (JSSE).
You can download JSSE from http://java.sun.com/products/jsse/.
Step 2: Generate a Private Key
Use the keytool command to create the private key file:
keytool -genkey -keyalg RSA -keysize 2048 -keystore yourdomainname.key
keytool will ask the following questions for any values it does not already know:
- Enter keystore password: - Tomcat uses a default password of "changeit". If you use a different password, you will need to specify a custom password in the server.xml configuration file.
- What is your first and last name? - Enter the domain name that you want to use your SSL certificate with.
- What is the name of your organizational unit? - Enter the name of your division, department, or other operational unit of your organization.
- What is the name of your organization? - Enter the name of your organization.
- What is the name of your City or Locality? - Enter the name of your city, town, or other locality.
- What is the name of your State or Province? - Enter the name of the State or Province in which your organization operates. Do not abbreviate.
- What is the two-letter country code for this unit? - Enter the two-letter country code for your country.
You will then be asked if the information is correct:
Is CN=www.yourdomain.com, OU=Your Organizational Unit, O=Your Organization, L=Your City, ST=Your State, C=Your Country correct?
When you answer y or yes, the key password is then requested:
Enter key password for <mykey>
Note: Make a note of this password. <mykey> is the default alias for the certificate.
Step 3: Create your Certificate Signing Request
Use the keytool command to create the CSR file:
keytool -certreq -keyalg RSA -keystore yourdomainname.key -file yourdomainname.csr
You will be prompted to enter your password.
If the password is correct, the CSR is created; otherwise a password error message is displayed.
You will not be prompted for the common name, organization, etc. The keytool will use the values that you specified when generating the private key.
You now have two files: the Private Key file named yourdomainname.key and the Certificate Signing Request (CSR) file named yourdomainname.csr.
When asked to "Copy & Paste" your CSR into the CSR field during the order process, open the yourdomainname.csr file with a text editor and copy and paste the content into the CSR field on the order form.
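The identity answers from Step 2 can also be supplied up front with keytool's -dname option, which allows them to be validated before a key is generated. The script below is an added example, not part of the original instructions; the function names dn_escape, build_dname and make_csr and the sample values are assumptions, and the final -printcertreq check needs Java 7 or later.

```shell
#!/bin/sh
# Added example: validate the Step 2 answers, then pass them with -dname.
LC_ALL=C; export LC_ALL   # make [A-Z] mean upper-case ASCII only

# Backslash-escape the RFC 2253 special characters (the comma in
# "Example, Inc." would otherwise split the organization into two fields).
dn_escape() {
    printf '%s' "$1" | sed 's/[\\,+"<>;]/\\&/g'
}

# build_dname CN OU O L ST C -> prints the -dname string, or returns 1.
build_dname() {
    [ "$#" -eq 6 ] || { echo "usage: build_dname CN OU O L ST C" >&2; return 1; }
    for v in "$@"; do
        [ -n "$v" ] || { echo "empty field" >&2; return 1; }
    done
    # "First and last name" must be the site's domain name, not a person or URL.
    case "$1" in
        *[!A-Za-z0-9.*-]*|.*|*.) echo "CN is not a domain name: $1" >&2; return 1 ;;
    esac
    # Country is exactly two upper-case letters.
    case "$6" in
        [A-Z][A-Z]) ;;
        *) echo "country code must be two letters: $6" >&2; return 1 ;;
    esac
    printf 'CN=%s, OU=%s, O=%s, L=%s, ST=%s, C=%s\n' "$1" \
        "$(dn_escape "$2")" "$(dn_escape "$3")" \
        "$(dn_escape "$4")" "$(dn_escape "$5")" "$6"
}

# make_csr KEYSTORE CSRFILE CN OU O L ST C
# Runs the page's two keytool commands; only the password prompts remain.
# The last command (Java 7 or later) prints the request back so the subject
# can be compared with what was intended before it is sent to the CA.
make_csr() {
    ks=$1; csr=$2; shift 2
    dname=$(build_dname "$@") || return 1
    keytool -genkey -keyalg RSA -keysize 2048 -keystore "$ks" -dname "$dname" &&
    keytool -certreq -keyalg RSA -keystore "$ks" -file "$csr" &&
    keytool -printcertreq -file "$csr"
}

# Constructed sample values:
# make_csr yourdomainname.key yourdomainname.csr www.yourdomain.com \
#     "Web Team" "Example, Inc." "Your City" "Your State" US
```
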
Additional information
http://jakarta.apache.org/tomcat/index.html
http://java.sun.com/docs/.