Article Purpose: This article provides step-by-step instructions for generating a Certificate Signing Request (CSR) in Tomcat. If this is not the solution you are looking for, please search for your solution in the search bar above.
Note: Use JDK 1.4 or higher.
- Create a certificate keystore and private key with the following command:
$JAVA_HOME\bin>keytool -genkey -alias your_alias_name -keyalg RSA -keysize 2048 -keystore your_keystore_filename
Keysize must be specified otherwise keytool will generate a key which is 1024 bit, this does not meet the minimum requirements which is 2048 bit or higher.
- Replace "$JAVA_HOME" with the directory of your Java Install. If you are on a Windows server change the directory to:
- Specify the password. It must be at least 6 characters long.
- Input the following:
- What is your first and last name?(This is the Common Name/FQDN field): www.globalsign.com
- What is the name of your organizational unit?: GlobalSign
- What is the name of your organization?: GlobalSign
- What is the name of your City or Locality?: London
- What is the name of your State or Province?: London
- What is the two-letter country code for this unit?: GB
- Is CN= www.globalsign.com, OU= Globalsign, O= GlobalSign, L= London, ST= London, C= GB correct?: Yes
- Enter the password for <your_alias_name> or enter "RETURN" if it is the same as the keystore password.
- Create the Certificate Signing Request file using:
$JAVA_HOME\bin>keytool -certreq -keyalg RSA -alias your_alias_name -file certreq.csr -keystore your_keystore_filename
- Enter keystore password: your_password_here.
- You now have a "certreq.csr" file. The file is encoded in PEM format and can be entered into the website. Be sure to include the beginning and end tags:
-----BEGIN NEW CERTIFICATE REQUEST-----
-----END NEW CERTIFICATE REQUEST-----