Because keytool is a multipurpose tool for managing keys and certificates, you may find it easier to understand the generating of a public-private key pair by looking first at a less complex tool available on Unix-like platforms, named ssh-keygen. (This is for illustration purposes only. Keytool -certreq -alias -file CSR file name.csr -keystore.jks. After executing this command and entering the keystore password, the CSR can be found in.csr file. You can open that file using Notepad or TextEdit or using a shell text editor like nano or vi. Use the CSR in the certificate activation. Jul 08, 2019  In order to generate the CSR code on Tomcat, you can use keytool commands. First, you need to create a keystore that will contain the private key. Open up a command line interface and run the following command: keytool -genkey -keysize 2048 -keyalg RSA -alias tomcat -keystore yourkeystore.jks. You are free to use any custom alias and a keystore name.

1. Advantages Of Private Key Encryption

SSL Certificate CSR Creation for Java Based Web Servers.

If you already have your SSL Certificate and just need to install it, see
SSL Certificate Installation :: Java Web Servers.

How to generate a CSR using Java Keytool

**NOTE: You must generate a new keystore through this process. If you try to install a new certificate to an old keystore your certificate will not work properly. Backup and remove any old keystores if necessary before beginning this process.

Recommended: Save yourself some time by using our new Java Keytool CSR Wizard to create your CSR with Keytool. Just fill in the details, click Generate, and paste your customized keytool command into your terminal.

If you prefer to roll your own keytool commands to generate your CSR, just follow our old instructions below:

Create a New Keystore

1. You will be using the keytool command to create your new key-CSR pairing. Enter the following:

   keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore yourdomain.jks

   'Yourdomain' is the name of the domain you are securing. However, if you are ordering a Wildcard Certificate, do not include * in the beginning of the filename as this is not a valid filename character.

2. You will be prompted for the DN information. Please note: when it asks for first and last name, this is not YOUR first and last name, but rather your domain name and extension(i.e., www.yourdomain.com). If you are ordering a Wildcard Certificate this must begin with *. (example: *.digicert.com)

3. Confirm that the information is correct by entering 'y' or 'yes' when prompted. Next you will be asked for your password to confirm. Make sure to remember the password you choose.

Generate Your CSR with Your New keystore

1. Next, use keytool to actually create the Certificate Signing Request. Enter the following:

   keytool -certreq -alias server -keyalg RSA -file yourdomain.csr -keystore yourdomain.jks

   Again, 'yourdomain' is the name of the domain you are securing. (without the * character if you are ordering a Wildcard Certificate).

2. Enter the keystore password.

3. Then the SSL Certificate CSR file is created. Open the CSR with a text editor, and copy and paste the text (including the BEGIN and END tags) into the DigiCert web order form.

4. After you receive your SSL Certificate from DigiCert, you can install it.

   See SSL Certificate Installation :: Java Web Servers.

Generating a CSR for Issuance of an SSL Certificate with Keytool

How to generate a Certificate Signing Request for your Java Web Server

Use Java's Keytool to create a CSR and install your SSL/TLS certificate on your Tomcat (or other Java-based) server

Use these instructions to generate your certificate signing request (CSR) and install your SSL/TLS certificate on your Tomcat server using Java’s Keytool.

Restart Note: After you've installed your SSL/TLS certificate and configured the server to use it, you must restart the Tomcat service.

1. To create your certificate signing request (CSR), see Tomcat Server: Create Your CSR with Java Keytool.

2. To install your SSL certificate, see Tomcat Server: Install and Configure Your SSL/TLS Certificate.

To view these instructions in Spanish, see CSR para Tomcat and Tomcat Instalar Certificado SSL.

If you are looking for a simpler way to create CSRs, and install and manage your SSL/TLS certificates, we recommend using the DigiCert^® Certificate Utility for Windows. You can use the DigiCert Utility to generate your CSR and prepare your SSL/TLS certificate file for installation on your Tomcat server. See Tomcat: Create CSR & Install SSL/TLS Certificate with the DigiCert Utility.

I. Tomcat Server: Create Your CSR with Java’s Keytool

Use the instructions in this section to create a new keystore (.jks) file and to generate your CSR.

Recommended Method: Use the DigiCert Java Keytool CSR Wizard

Save yourself some time: Use the DigiCert Java Keytool CSR Wizard to generate a Keytool command to create your Tomcat keystore and CSR.

1. Simply fill out the form, click Generate, and then paste your customized Java Keytool command into your terminal.

2. The Java keytool utility creates both your private key and your certificate signing request, and saves them to two files: your_common_name.jks, and your_common_name.csr.

3. You can then copy the contents of the CSR file and paste it into the CSR text box in our order form.

4. Skip to Step 2, part 3: Save and Back-up Your Keystore File.

Do you prefer a more manual approach to generating your Tomcat keystore and CSR? Follow the instructions below.

Step 1: Use Keytool to Create a New Keystore

Important: We recommend you generate a new keystore following the process outlined in this section. Installing a new certificate to an old keystore often ends in installation errors or the SSL/TLS certificate not working properly. Before you begin this process, backup and remove any old keystores.

1. Run Command

   1. Navigate to the directory where you plan to manage your keystore and SSL/TLS certificate.

   2. Enter the command below.

      In the command above, your_site_name should be the name of the domain you want to secure with this SSL/TLS certificate. When ordering a Wildcard certificate, do not include the asterisk (*) in the filename (e.g., your_site_name). The asterisk is not a valid keytool character.

   3. Create a Password

      1. When prompted, create a password for your Keystore.

         Note: You will specify this password in your Tomcat configuration file and then use it to generate your CSR and to import your certificate.

      2. Store this password somewhere safe, such as a trusted and secured password manager.

   4. Enter your SSL/TLS certificate information.

      Important: When prompted for the first and last name, DO NOT type your first and last name. Instead, type the Fully Qualified Domain Name (FQDN) for the site you are securing with this certificate (e.g., www.yourdomain.com, mail.yourdomain.com). Are you are ordering a Wildcard Certificate? Then your FQDN must begin with an asterisk (*). (e.g.,*.yourdomain.com).

   5. Enter your Organization information.

   6. When prompted to verify your information, type y or yes to confirm.

   7. When asked for a 'key password for <server>', press enter to use the password you just created for the keystore file.

2. Your keystore file, your_site_name.jks, is now created and in your current working directory.

Step 2: Generate a Certificate Signing Request (CSR) from your New Keystore

Advantages Of Private Key Encryption

1. Run Command

   1. In Keytool, type the following command:

      In the command above, your_site_name should be the name of the keystore file you created in Step 1: Use Keytool to Create a New Keystore or when using the DigiCert Java Keytool CSR Wizard.

   2. When prompted, enter the password you created earlier (when you created your new keystore).

   3. Product key generator 2016 microsoft office. In your current directory, csr.txt (e.g., your_site_domain.txt) now contains your CSR.

2. Save and Back-up Your Keystore File

   1. Take note of the path to your keystore file (your_site_domain.jks) as your SSL/TLS certificate will be installed to it later.

   2. We recommend that you create a back-up copy of your Keystore file (your_site_domain.jks) before continuing. Having a back-up of the Keystore file can help resolve issues that may occur during certificate SSL/TLS installation.

3. Order Your SSL/TLS Certificate

   1. Open the .csr file you created with a text editor.

   2. Copy the text, including the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags, and paste it in to the DigiCert order form.

   3. Make sure that when you Select Server Software, you select Tomcat.

   Tomcat SSL/TLS Certificates, Guides, & Tutorials

   Buy NowLearn More

4. Install Certificate

   After you’ve received your SSL/TLS certificate from DigiCert, you can install it on your Tomcat server.