To generate a Certificate Signing Request (CSR) with Tomcat, there are two methods available. Choose the one that suits you best :
Create a CSR with our Keytool Command-Line CSR Generator
1. Launch Keytool.
2. Save yourself a lot of time and typing by using our Keytool Command-Line CSR Generator to generate your command-line.
3. Copy/paste this command-line in Keytool and your CSR will be saved to SSL247CSR.csr.
4. Open the file with Notepad or Wordpad and copy/paste its entire contents (including tags -----BEGIN CERTIFICATE----- et -----END CERTIFICATE-----) in our order form.
Create a CSR with JDK 1.4
You will need to download JDK 1.4 or higher to be able to generate a CSR for Tomcat.
1. Create a certificate keystore and private key with the follow command...
-
For RSA:
$JAVA_HOME\bin>keytool -genkey -alias youralias -keyalg RSA -keystore yourkeystore NOTE : Replace $JAVA_HOME with the directory of your Java Install (if Windows, change directory to \Program Files\Java\[javaversionhere]\bin). -
For ECC:
keytool -genkeypair -keyalg EC -keystore ecckeystore.jks -keysize 256 -alias ecckeyname NOTE: All certificates that will expire after October 2013 must have a 2048 bit key size
2. Specify the password (must be at least 6 characters long, and MUST be remembered).
3. Input the following information:
- What is your first and last name? Must match the URL you plan to secure exactly – is usually your fully-qualified domain name (e.g., devel.ssl247.co.uk or mail.devel.ssl247.co.uk). Remember the www. Is important – include it if you want to secure https://www.yoursite.com & exclude it if you want to secure https://yoursite.com.
- What is the name of your organisational unit? The name of your department within the organization (this is often "IT," "Web," or is just left blank).
- What is the name of your organisation? The legal (officially registered) name of your organization/company include Inc., LLP., Pvt, Plc. Ltd. SARL., etc
- What is the name of your City or Locality? The city or town in which your organization is located.
- What is the name of your State or Province? The state in which your organization is located.
- What is the two-letter country code for this unit? Click here for the official list of ISO country codes for this field.
- Is CN=www.mydomain.com, OU=IT, O=SSL247, L=London, ST=London, C=GB correct? If the information is correct, type "Yes", otherwise "No".
4. Enter key password for youralias (RETURN if same as keystore password)
5. Create the Certificate Signing Request file with the following command:
$JAVA_HOME\bin>keytool -certreq -keyalg RSA -alias youralias -file certreq.csr -keystore yourkeystore
Enter the keystore password
6. The certreq.txt file will now be generated - this file can be entered into the website. Please include these tags:
-----BEGIN NEW CERTIFICATE REQUEST-----
-----END NEW CERTIFICATE REQUEST-----