In this tutorial, we will show you how to generate a CSR on Oracle Servers.
This tutorial offers CSR generation instructions for the following platforms: Oracle Wallet Manager, Oracle iPlanet Web Server, Oracle WebLogic Server.
Table of Contents
- Generate a CSR code on Oracle Wallet Manager
- Generate a CSR Code on Oracle iPlanet Web Server
- Generate a CSR Code on Oracle WebLogic Server
Generate a CSR code on Oracle Wallet Manager
To create your CSR on Oracle Wallet Manager, please follow the steps below:
- In the Oracle Wallet Manager, from the main menu select Operations, then click Create Certificate Request
- In the newly opened window, provide the required information:
- Common Name: enter the FQDN (fully-qualified domain name) you want to protect with an SSL Certificate. For example, yourdomain.com
Note: Oracle Wallet Manager does not support wildcard certificate installation.
- Organizational Unit: name the department within your company in charge of web security. Usually, it’s IT or Web Administration. For a Domain Validation cert, put NA instead
- Organization: specify the full name of your company. For instance, GPI Holding LLC. If you have a Domain Validation certificate, type NA instead
- Locality/City: write the full name of the city where your company is legally registered. For example, Seattle
- State/Province: type the full name of the state/province where your company is located. For example, Washington
- Country: from the drop-down list, select your country
- Key Size: select 2048 bits
- Double check the information you’ve just submitted, then click OK
- A new window will confirm the successful CSR generation
- Back in the Oracle Manager Wallet, go to Operations and click Export Certificate Request
- Save the CSR on your device by providing a name for the file, and then clicking OK
Now, you can open your CSR code with any text editor of your choice such as Notepad, and copy-paste its contents into the required field during your SSL application process.
Generate a CSR Code on Oracle iPlanet Web Server
Please, follow the instructions below to generate a CSR code on Oracle iPlanet Web Server:
- In your Oracle dashboard, click Server Certificates and then Request
- From the Configuration list, select a configuration for which you want to install the SSL Certificate
- Next, select the token (Cryptographic Device), which contains the keys
- If your key is stored on the server, pick Internal. If it resides on an external device, select the name of the external token from the drop-down menu. Provide a password for the token you’ve selected
- Submit the required details as shown below:
- Server Name: provide the FQDN (fully-qualified domain name) you want to secure. For instance, yourwebsite.com. If you have a wildcard certificate, add an asterisk in front of the domain name (e.g., *.yourwebsite.com)
- Organization: write the official, legal name of your company. For example, GPI Holding LLC
- Organizational Unit: name the department responsible for SSL management. It could be IT or Web Administration
- Locality: specify the city where your organization is located
- State or Province: enter the state where your organization is registered
- Country: provide the two-letter abbreviation of your country name (in ISO format). For example, US for the United States. Here you can find the full list of country codes.
- For the key type, select RSA, 2048 bits
- For the Certificate Signing Authority (CSA) select CA Signed
- Verify the info you’ve just entered and then click Generate Request then Finish
- Copy your newly generated CSR code including the header and footer contents into a text document such as Notepad, and click the Close button.
That’s it! Now you can use your CSR during the order process with your SSL vendor.
Generate a CSR Code on Oracle WebLogic Server
You’ll be creating your CSR code using Java Keytool. First, you will generate a new Keystore file, and then create your own Java Keytool commands to generate a CSR code for your Oracle WebLogic Server.
Note: For a smooth and error-free SSL installation, we recommend you create a new Keystore before you generate the CSR.
Create a new Keystore
Run the following command to create a new Keystore:
keytool -genkey -alias server -keyalg RSA -keystore your_domain.jks
Replace your_domain with the actual domain name you want to secure.
Note: If you have a wildcard certificate, DO NOT include an asterisk (*) in the file name. This character is not supported.
They Keytool will prompt you to enter the following details for your SSL Certificate:
- Your first and last name: do not type your first and last names. Instead, enter the domain name to which you want to assign your SSL Certificate. For example, yourdomain.com
- Name of your organizational unit: enter the department in charge of web security. Usually, it’s Web Administration or IT
- Name of your organization: specify your legal business name. For instance, GPI Holding LLC. If your official company name contains symbols such as & or @ you must spell them out, or omit completely
- Name of your City or Locality: provide the full name of the city where your business is registered. For instance, San Francisco
- Name of your State or Province: enter the full name of the state or region where your company is located
- The two-letter country code for this unit: write the two-letter code of your country. For example, US. Here you can find the full list of country codes.
- When asked to verify your details: type Y or YES to confirm
- Password: you’ll need to create a password for your Keystore. Store it in a safe location, or password manager. You’ll need it during the CSR generation and SSL installation.
Generate a CSR Code from your Keystore
In the Keytool, run the following command:
keytool -certreq -alias server -keyalg RSA -file your_domain.csr -keystore your_domain.jks
Replace your_domain attribute with the actual domain name you want to secure.
When prompted, enter the password you’ve created for your keystore.
It’s done. Your CSR code is now ready.
Back up your Keystore file in a safe location.
Now, you can open your_domain.csr file with any text editor of your choice (e.g., Notepad) and copy-paste its contents including the —–BEGIN NEW CERTIFICATE REQUEST—– and —–END NEW CERTIFICATE REQUEST—– when ordering your SSL Certificate.