The following commands are executed on commandline.
In order to use the Java Keytool to create a CSR, a Java Keystore is required. This controls the keypair (private and public key) for the request. When a keystore has not yet been created on the server, this must first be set up before the CSR can be created. Use the following command:
keytool -genkey -alias yourdomainname -keyalg RSA -keystore KeyStore.jks -keysize 2048
Enter keystore password: <enter new password>
Re-Enter new password: <confirm password>
In this example, ‘yourdomainname’ must be replaced with the domain name for which the keypair will be generated. This alias must be used throughout the process: always use the domain name for which the certificate is requested in order to avoid confusion.
The server will now automatically ask for information required for the CSR creation process. Enter the following information and press the enter key after each prompt.
What is your first and last name? (Please note that the question is misleading: the expected answer is the common name.)
What is the name of your organizational unit? (The name of your department, for example Sales.)
What is the name of your organization? (The full company name as was entered into the Trade Register of the Chamber of Commerce or a similar register.)
What is the name of your City or Locality? (The city where your company is located.)
What is the name of your State or Province? (The province where your company is located.)
What is the two-letter country code for this unit? (the country code in capital letters, for example NL)
The server will now ask you to confirm the information you have just entered. Answer this prompt with ‘yes’ or ‘no’.
The server will also ask for a password; press the enter key to use the same password that was used for the keystore creation process.
Generating a CSR
Enter the following command:
keytool -certreq -alias yourdomainname -keystore KeyStore.jks -file yourdomainname.csr
In this example, the name of the CSR file that will be created is ‘yourdomainname.csr’. Replace ‘yourdomainname’ with the domain name for which the certificate is requested.
When no keystore has been created for this alias, the server will automatically request information required for the creation of a CSR. This process is the same as described above. Answer the prompts and press the enter key.
If you have created a keystore for this alias, the server will ask for the password of your keystore. The server will then automatically create the CSR file with the name you have entered earlier. The CSR file will be saved on your server. You can check the created file with the following command:
This will show the CSR you have just created for this domain name. This will be similar to the following example:
-----BEGIN CERTIFICATE REQUEST-----
MIIC7DCCAdQCAQAwgaYxCzAJBgNVBAYTAk5MMRAwDgYDVQQIDAdEcmVudGhlMQ4w DAYDVQQHDAVFbW1lbjEbMBkGA1UECgwSTmV0d29ya2luZzRhbGwgQi5WMQ4wDAYD VQQLDAVTYWxlczEfMB0GA1UEAwwWd3d3Lm5ldHdvcmtpbmc0YWxsLmNvbTEnMCUG CSqGSIb3DQEJARYYc2FsZXMubmV0d29ya2luZzRhbGwuY29tMIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxG3vxWeYbNBfqVft68DaC5ORUmuK8CE3mGUh EKLJgHbPuC7y7KE1mJekeNDv4gehG7gdhGBOobRTwDYru1VnFCmeXKvLXzIaCczR +Xy09L6Itb1aOnLBv7p8VlxQ7OhViCJvmkAXJGHEcEex3ENaMMuw8YBnsw2JzOZv IzBD1XZm04da2k1Ai0vmwH5aoYTA5F+gE9Izouc9Opkp2k9+tdjUY9uarrMRj7XS E+hI4jqnHH32+vPNFziZ4QbVl5GpjMR/Q0GdIL8Bcu8Sw1u3cQSCu0ZzKZTG6oEJ 2oB8dVjc5BrtXfEYxF0s9T8HyXdx4NQuOtjN1beo6TQzP6s9QQIDAQABoAAwDQYJ KoZIhvcNAQELBQADggEBABJ2vZSMHmErkGpZFRBudCEwR+SEPvdYqCVwojn6R4rZ lAsbZ5TNng2GYWDMmoAsw6zq4/fd8q1cAoOG9fj6z3lEswpU3eqhc0f/wrVtfTN7 vc7yAB81FAcgw5Ad7c8h4oGrd3pYtXX/cLHSLSnpnXp9vc4nsWK3h88K8ZV9ih+e eUK0JDV3wZ3ok80JTTkws48/txIApfV6J1P2SfHazK7kann39Mb0ZnIcfBeYK26R APArN6rLh+Yx/gjqaCBo6sGZLx3J5o+W86zaSoo+v8wvPbNa4JNw8gg4PooY6JVE MEU5t6hHjD9AkNCO8uOi1K+FqzHe0aMq0EVvoHw7AMg=
-----END CERTIFICATE REQUEST-----
The CSR that was generated for your domain name can now be used to request an SSL certificate on www.networking4all.com. Follow the steps to request a certificate in our SSL wizard. When the wizard asks for a CSR, enter the code from your generated CSR file.