home / support / ssl certificate csr generation / java based server

Generating a Certificate Signing Request (CSR) for Java Based Web Servers

Step 1: Generate a Private Key

Use the keytool command to create the private key file:

keytool -genkey -keyalg RSA -keysize 2048 -keystore yourdomainname.key

The following questions will be asked if not known:

You will then be asked if the information is correct:

Is CN=www.yourdomain.com, OU=Your Oganizational Unit, O=Your Organization, L=Your City, ST=Your State, C=Your Country correct?

When you answer y or yes the password is then requested:

Enter key password for <mykey>

Note: Make a note of this password, <mykey> is the default alias for the certificate

Step 2: Create your Certificate Signing Request

Use the keytool command to create the CSR file:

keytool -certreq -keyalg RSA -keystore yourdomainname.key -file yourdomainname.csr

You will be prompted to enter your password.

If the password is correct then the CSR is created otherwise a password error message will be displayed.

You will not be prompted for the common name, organization, etc. The keytool will use the values that you specify when generating the private key.

You have now two files, the Private Key file named yourdomainname.key and Certificate Signing Request (CSR) file named yourdomainname.csr

When asked to "Copy & Paste" your CSR into the CSR field during the order process, open the yourdomainname.csr file with a text editor and copy and paste the content into the CSR field on the order form.

Additional information

For additional information, please visit http://java.sun.com/products/jdk/1.2/docs/guide/security/index.html.