Java Keytool - Generate CSR

Feb 19, 2024

Java Keytool - Generate CSR


Java Keytool can be used to generate Java keystores, certificate signing requests (CSRs), convert certificate formats, and other certificate related functions. Keytool is bundled with Oracle's JDK. This article will walk through generating a CSR as well as generating a private key if one is not already available. 


1. Generate a keystore:

A keypair must first exist in order to generate a CSR. If you have an existing Java keystore, proceed to the next step, otherwise use the command below to generate a new Java keystore:

keytool -genkey -alias mydomain -keyalg RSA -keystore KeyStore.jks -keysize 2048

Enter keystore password: <create keystore password>
Re-Enter new password: <confirm keystore password>

You now have a Java keystore from which you can generate a CSR.

Note: You can change the Alias of mydomain to a word of your choosing. This alias must remain the same for key generation, CSR generation, and signed public key importing. 


2. Generate a CSR:

keytool -certreq -alias mydomain -keystore KeyStore.jks -file mydomain.csr

Answer each question when prompted.
Use the chart below to guide you through the process:

Field Example
First & Last Name Domain Name for SSL Certificates
Entity Name for Code Signing
Organizational Unit  Support (Optional, e.g. a department)
Organization GMO GlobalSign Inc (Entity's Legal Name)
City / Locality Portsmouth (Full City name)
State / Province New Hampshire (Full State Name)
Country Code US (2 Letter Code)

Confirm or reject the details by typing "Yes" or "No" and pressing Enter

Press Enter to use the same password as the keystore, alternatively specify a separate password and press enter. 

You should now have a file called mydomain.csr which can be used to request a digital certificate from GlobalSign. 

Related Articles

GlobalSign System Alerts

View recent system alerts.

View Alerts

Atlas Discovery

Scan your endpoints to locate all of your Certificates.

Sign Up

SSL Configuration Test

Check your certificate installation for SSL issues and vulnerabilities.

Contact Support