How to Generate a CSR on GlassFish

In this tutorial, we will show you how to generate a CSR on GlassFish.

You can generate your CSR code in many ways, but the most optimal method for GlassFish is via the keytool command line utility.

Step 1. Create a new keystore

Since GlassFish stores certificates and private keys in special .jks files also called keystores, your first step is to create a new keystore.

Type the command below to create a new keystore with a private key:

keytool -genkey -alias myalias -keyalg RSA -keysize 2048 -keystore mykeystore.jks

We recommend replacing the bold parts with an alias and file name of your choice.

Step 2. Create a password for the keystore

Now, the program will ask you to create a password (at least six characters) for this keystore.

Note: The keystore and private key passwords must be the same as your GlassFish master password. If you don’t remember your master password and haven’t changed it from the beginning, then the default password should be changeit. You can set a new password via the change-master-password subcommand of the asadmin utility.

Step 3. Submit your contact details

Next, the keytool will prompt you to submit your contact details.

Follow the examples below to fill in the corresponding fields:

• What is your first and last name?
  Here, instead of specifying your first and last name, you must include the fully qualified domain name (FQDN) of the site you want to secure. For instance, if you want to install a single or multi-domain certificate, you should enter com or blog.yoursite.com for a subdomain
  Note: If you have a Wildcard certificate, add an asterisk in front the domain name (e.g., *.yoursite.com).
• What is the name of your organizational unit?
  You can indicate IT or Web Administration. For a Domain Validation SSL Certificate, put NA NA stands for not available
• What is the name of your organization?
  If you have a BV or EV SSL Certificate, enter the full name of your officially registered company (e.g., Your Company LLC). For a DV certificate, type NA instead
• What is the name of your City or Locality?
  Here, specify the city or town where your business is located (e.g., Miami)
• What is the name of your State or Province?
  Again, enter the name of the region where your company is registered (e.g., Florida)
• What is the two-letter country code for this unit?
  Provide the two-letter code of your company’s country of origin. (e.g., US). Here you can find the full list of country codes.

Make sure the info you’ve provided is correct and up to date then press “y”

Step 4. Set a password for the certificate’s private key

The keytool will ask you to set a key password to secure your certificate’s private key.

Press enter to make the password identical to the keystore password.

Step 5. Generate your CSR

Now that you have created a keystore file with the private key inside, you can generate your CSR with the following keytool command:

keytool -certreq -alias myalias -file domain.csr -keystore mykeystore.jks

The myalias and mykestore.jks attributes should be the same as in the first command. As for domain.csr, you should replace it with a custom file name (e.g., yoursite.csr). The domain.csr file will be in the same directory with your keystore.

Note: Your keystore file is located in the directory where you run the command.

You can open your CSR file with any text editor of your choice (e.g., Notepad). Before sending it to your CA, we recommend one final check for potential typos or errors. Use our decoder tool to inspect your CSR.

Depending on the validation type of your cert, you’ll have to wait between a few minutes up to a couple of business days for your SSL Certificate files to arrive in your inbox. Once you’ve received them, you can install your SSL certificate on GlassFish.