Keytool Generate Csr And Key

SSL Certificate CSR Creation for Java Based Web Servers.



If you already have your SSL Certificate and just need to install it, see
SSL Certificate Installation :: Java Web Servers.

How to generate a CSR using Java Keytool


How to Generate a CSR for Tomcat

The following instructions will guide you through the CSR generation process on Tomcat. To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. You can use keytool to generate a new Java keystore file, create a certificate signing request (CSR), and import the private key, public certificate pair, and signed certificates into the keystore.

NOTE: You must generate a new keystore through this process. If you try to install a new certificate into an old keystore, your certificate will not work properly. Back up and remove any old keystores if necessary before beginning this process.

Recommended: Save yourself some time by using our new Java Keytool CSR Wizard to create your CSR with Keytool. Just fill in the details, click Generate, and paste your customized keytool command into your terminal.

If you prefer to roll your own keytool commands to generate your CSR, just follow our old instructions below:

Create a New Keystore

  1. You will be using the keytool command to create your new key-CSR pairing. Enter the following:

    keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore yourdomain.jks

    'Yourdomain' is the name of the domain you are securing. However, if you are ordering a Wildcard Certificate, do not include * in the beginning of the filename as this is not a valid filename character.

  2. You will be prompted for the DN information. Please note: when it asks for first and last name, this is not YOUR first and last name, but rather your domain name and extension (i.e., www.yourdomain.com). If you are ordering a Wildcard Certificate, this must begin with *. (example: *.digicert.com)

  3. Confirm that the information is correct by entering 'y' or 'yes' when prompted. Next you will be asked for your password to confirm. Make sure to remember the password you choose.

Generate Your CSR with Your New keystore

  1. Next, use keytool to actually create the Certificate Signing Request. Enter the following:

    keytool -certreq -alias server -keyalg RSA -file yourdomain.csr -keystore yourdomain.jks

    Again, 'yourdomain' is the name of the domain you are securing (without the * character if you are ordering a Wildcard Certificate).

  2. Enter the keystore password.

  3. Then the SSL Certificate CSR file is created. Open the CSR with a text editor, and copy and paste the text (including the BEGIN and END tags) into the DigiCert web order form.

  4. After you receive your SSL Certificate from DigiCert, you can install it.

    See SSL Certificate Installation :: Java Web Servers.
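
The two keytool steps above as one script that runs without prompts. This is an added example, not DigiCert's or the page's own code; the helper names (keystore_stem, csr_dname, make_csr), the KS_PASS environment variable and the sample organization values are assumptions.

```shell
#!/bin/sh
# Added example: the two keytool steps above, scripted without prompts.
# Assumes keytool is on PATH and the keystore password is exported as KS_PASS.

# File-name stem: drop a leading "*." so a wildcard name is a valid filename.
keystore_stem() {
    stem=${1#\*.}
    printf '%s\n' "$stem"
}

# DN for -dname. CN is the domain being secured, not a person's name.
# A comma inside a value needs a backslash escape; the sample values have none.
csr_dname() {
    printf 'CN=%s, O=%s, L=%s, ST=%s, C=%s\n' "$1" "$2" "$3" "$4" "$5"
}

# make_csr DOMAIN ORG CITY STATE COUNTRY
make_csr() {
    ks="$(keystore_stem "$1").jks"
    csr="$(keystore_stem "$1").csr"
    dname=$(csr_dname "$1" "$2" "$3" "$4" "$5")
    if [ -z "${KS_PASS:-}" ]; then
        echo "export KS_PASS before running" >&2; return 1
    fi
    # The page requires a fresh keystore, so never write into an old one.
    if [ -e "$ks" ]; then
        echo "refusing to reuse existing $ks" >&2; return 1
    fi
    # :env reads the password from the environment, keeping it out of argv.
    keytool -genkey -alias server -keyalg RSA -keysize 2048 \
        -dname "$dname" -keystore "$ks" \
        -storepass:env KS_PASS -keypass:env KS_PASS || return 1
    chmod 600 "$ks"   # the keystore holds the private key
    keytool -certreq -alias server -file "$csr" \
        -keystore "$ks" -storepass:env KS_PASS || return 1
    # Read the request back and check the subject before submitting it.
    keytool -printcertreq -file "$csr"
}

# Constructed sample call: ./make-csr.sh '*.example.com' 'Example Org' Lehi Utah US
if [ "$#" -eq 5 ]; then make_csr "$@"; fi
```

The subject printed by the last command should show the domain as CN; for a wildcard order it begins with *. while the file names do not.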

Generating a CSR for Issuance of an SSL Certificate with Keytool

How to generate a Certificate Signing Request for your Java Web Server

To Generate a Certificate by Using keytool

By default, the keytool utility creates a keystore file in the directory where the utility is run.


Before You Begin

To run the keytool utility, your shell environment must be configured so that the J2SE /bin directory is in the path, otherwise the full path to the utility must be present on the command line.

  1. Change to the directory that contains the keystore and truststore files.

    Always generate the certificate in the directory containing the keystore and truststore files. The default is domain-dir/config.

  2. Generate the certificate in the keystore file, keystore.jks, using the following command format:


    Use any unique name as your keyAlias. If you have changed the keystore or private key password from the default (changeit), substitute the new password for changeit. The default key password alias is s1as.

    A prompt appears that asks for your name, organization, and other information.

  3. Export the generated certificate to the server.cer file (or client.cer if you prefer), using the following command format:


  4. If a certificate signed by a certificate authority is required, see To Sign a Certificate by Using keytool.

  5. Create the cacerts.jks truststore file and add the certificate to the truststore, using the following command format:


    If you have changed the keystore or private key password from the default (changeit), substitute the new password.

    Information about the certificate is displayed and a prompt appears asking if you want to trust the certificate.

  6. Type yes, then press Enter.

    Information similar to the following is displayed:


  7. To apply your changes, restart GlassFish Server. See To Restart a Domain.

Example 11–10 Creating a Self-Signed Certificate in a JKS Keystore by Using an RSA Key Algorithm

RSA is public-key encryption technology developed by RSA Data Security, Inc.



Example 11–11 Creating a Self-Signed Certificate in a JKS Keystore by Using a Default Key Algorithm


Example 11–12 Displaying Available Certificates From a JKS Keystore


Example 11–13 Displaying Certificate information From a JKS Keystore


See Also


For more information about keytool, see the keytool reference page.