Java-based Webservers (e.g. Tomcat) using keytool CSR Generation

CSR Generation: Java-based Webservers (e.g. Tomcat) using keytool

Generating a Certificate Signing Request (CSR) for Java-based Webservers such as Tomcat, using keytool

To generate your CSR, log in to the server and open a command prompt or shell, and use the following instructions:

  1. Generate a new keystore and 2048 bit key with the following command:
    keytool -genkey -keyalg RSA -alias server -keystore my_keystore.jks

    Replace the file 'my_keystore.jks' with the filename and path you wish to locate the keystore. The alias 'server' can be changed to the site or server name if needed.

    For Tomcat, change the '-alias server' to '-alias tomcat'

  2. You may be prompted for some information:
    Enter keystore password:
    What is your first and last name?
    What is the name of your organizational unit? **This is your Common Name**
    What is the name of your organization?
    What is the name of your City or Locality?
    What is the name of your State or Province?
    What is the two-letter country code for this unit?
  3. The 'first and last name' actually means the fully-qualified domain name for your site - e.g. 'www.mydomain.com'.
    For wildcard certificates, the Common Name should be in the format: *.mydomain.com
    Please take care to remember the password you enter.

  4. Now generate the CSR using the key and keystore you have just created:
    keytool -certreq -alias server -file csr.txt -keystore my_keystore.jks

    Ensure that the alias and keystore have the same name and filename as in Step 1.

    You will be prompted to enter the password again. If successful, the file 'csr.txt' will be created. Open this file with a text editor and cut and paste the contents into the enrollment form when requested.

Notes:
If you do not enter an alias with the '-alias' command flag, the default alias will be used, 'mykey'.

  • 13 Users Found This Useful
Was this answer helpful?

Related Articles

Microsoft Exchange 2010 CSR Generation (PowerShell)

Be advised: You may copy and paste the below commands into your favorite text editor such as...

CSR Generation: Lotus Domino server 4.6x and 5.0x

Generating a Certificate Signing Request (CSR) using Lotus Domino Server versions 4.6x and...

HSphere CSR Generation

CSR Generation: HSphere Generating a Certificate Signing Request (CSR) on Parallels HSphere To...

IBM HTTP Server CSR Generation

CSR Generation: IBM HTTP Server Generating a Certificate Signing Request (CSR) using IBM HTTP...

Lync 2013 CSR Generation

How to Generate a CSR for Lync 2013 From the Windows start menu click on Lync Deployment...