How to Generate Certificate Signing Request on Java Based Web Servers (Tomcat )
1. Create Keystore with Keytool
--> keytool -genkey -keyalg RSA -keysize 2048 -keystore domain.keystore
If you want to use an alias for the site certificate include -alias MY_SITE (where MY_SITE is the alias name), default is mykey.
(NOTE validity may vary)
The following questions will be asked if not known:
Enter keystore password: (NOTE remember this for later use)
What is your first and last name? - This is the Common Name (Domain Name)
What is the name of your organizational unit?
What is the name of your organization?
What is the name of your City or Locality?
What is the name of your State or Province?
What is the two-letter country code for this unit?
You will then be asked if the information is correct:
Is CN=www.yourdomain.com, OU=Your Organizational Unit, O=Your Organization, L=Your City, ST=Your State, C=Your Country correct?
When you answer 'y' or 'yes' the password is then requested:
Enter key password for <mykey>
NOTE: Make a note of this password
<mykey> is the default alias for the certificate
Alternative Keystore Generation Method
Alternatively, you can create the keystore without going through all of the prompts:
--> keytool -genkey -keyalg RSA -keysize 2048 -dname "CN=www.yourdomain.com, O=Default, C=US" -keystore domain.keystore
2. Create CSR with Keytool
--> keytool -certreq -keyalg RSA -file domain.csr -keystore domain.keystore
You will be prompted to enter the password.
Enter keystore password:
If the password is correct then the CSR is created.
If the password is incorrect then a password error is displayed.
You will need the text from this CSR when requesting a certificate.