In this tutorial, we will show you how to generate a CSR on Tomcat. We’ll use the keytool commands to generate your private key and the CSR code.
Please, follow the steps below:
Step 1: Create a keystore for your private key.
To do it, launch a command line interface and run the following command:
keytool -genkey -keysize 2048 -keyalg RSA -alias ssldragon -keystore example.jks
Note: Don’t forget to replace “example” with the primary domain name you want to secure. You may use any custom alias. For this demonstration, we’ve used ssldragon.
Step 2: Create a password for the kyestore.
Remember this password, or write it down. You’ll need it soon
Step 3: Answer the following questions:
- What is your first and last name?
Instead of writing your initials, please specify the Fully Qualified Domain Name (FQDN) you want to protect with an SSL Certificate (e.g. ssldragon.com). If you have a Wildcard certificate, add an asterisk in front of the domain (e.g., *.ssldragon.com)
- What is the name of your organizational unit?
For Business and Extended Validation Certificates, enter the department in charge of web security (e.g., IT or Web Administration). For Domain Validation Certificates, enter NA instead
- What is the name of your organization?
Type the officially registered name of your company. Use only alphanumerical characters (e.g., GPI Holding LLC)
- What is the name of your City or Locality?
Submit the full name of your city, town or locality. (e.g., San Jose)
- What is the name of your State or Province?
Provide the full name of the state or region where your business is registered (e.g., California)
- What is the two-letter country code for this unit?
Here you can find the full list of country codes. Make sure the country you specify is the legal residence of your organization (e.g., US)
The command will ask you to confirm your information.
Is CN=ssldragon.com, OU=IT, O=GPI Holding LLC, L=San Jose, ST=California, C=US correct?
Double-check your answers, and type y or yes to continue.
Step 4: Create the CSR code.
After you’ve generated the keystore with the private key, run the following command to create the CSR code:
keytool -certreq -keyalg RSA -alias ssldragon -file example.csr -keystore example.jks
Replace ssldragon and example.jks with your corresponding details.
Enter the keystore password (you created it in step 2).
Your CSR code is ready. It resides in the example.csr file. You can open it with any text editor of your choice and copy-paste the whole content during your buying order. To ensure you don’t miss a line, use the ctrl + a hot key to select the entire text.
After the Certificate Authority validates your request and sends you the SSL files, you can proceed to install your SSL on Tomcat.