Generating a Certificate Signing Request (CSR) using Java Based Web Servers


Use the keytool command to create the key file:
keytool -genkey -keyalg RSA -keystore domain.key -validity 360

If you want to use an alias for the site certificate include -alias yyy (where yyy is the alias name)

(NOTE validity may vary)


The following questions will be asked if not known:
Enter keystore password: (NOTE remember this for later use)
What is your first and last name? - This is the Common Name (Domain Name)
What is the name of your organizational unit?
What is the name of your organization?
What is the name of your City or Locality?
What is the name of your State or Province?
What is the two-letter country code for this unit?

You will then be asked if the information is correct:
Is, OU=Your Oganizational Unit, O=Your Organization, L=Your City, ST=Your State, C=Your Country correct?

When you answer 'y' or 'yes' the password is then requested:
Enter key password for <mykey>
NOTE: Make a note of this password
<mykey> is the default alias for the certificate

Use the keytool command to create the CSR file:
keytool -certreq -keyalg RSA -file domain.csr -keystore domain.key

You will be prompted to enter the password.
Enter keystore password:

If the password is correct then the CSR is created.
If the password is incorrect then a password error is displayed.
You will need the text from this CSR when requesting a certificate.