Create CSR Java

The following commands are executed on commandline.

In order to use the Java Keytool to generate a CSR, you require a Java Keystore. This manages the keypair (private and public key) for the request. If the server does not yet have a Keystore, it must first be generated before the CSR can be created.

keytool -genkey -alias yourdomainname -keyalg RSA -keystore KeyStore.jks -keysize 2048
Enter keystore password: (enter a new password)
Re-Enter new password: (confirm password)

In this example, please replace 'yourdomainname' in the alias with the domain name for which the keypair is generated. This alias must be the same throughout the process: in order to avoid confusion, always use the domain name for which you want to request a certificate.

The server will automatically continue with a request for information that is mandatory for the creation of a CSR. Give the appropriate responses and press enter after each answer.

  • What is your first and last name? (Please note: while the question might imply otherwise, enter your common name here.)
  • What is the name of your organizational unit? (The name of your department, for example 'Sales'.)
  • What is the name of your organization? (the company name, as has been entered in the registry of the Chamber of Commerce.)
  • What is the name of your City or Locality? (the name of the town or city your company is located in.)
  • What is the name of your State or Province? (The state or province your company is located in.)
  • What is the two-letter country code for this unit? (The country code in capital letters, for example US or GB)

The server will ask you to verify the information you entered. Answer the question with either 'yes' or 'no'.

The server will also ask for a password: press enter to use the same password you entered when creating the keystore.

Generate a CSR

Execute the following command:
keytool -certreq -alias yourdomainname -keystore KeyStore.jks -file yourdomainname.csr

In this example, the name of the CSR file that is being created is 'yourdomainname.csr'. Replace 'yourdomainname' with the domain name for which the certificate is requested.

If you have not created a keystore for this alias yet, the server will automatically ask for information that is mandatory for the CSR. This process is the same as described above. Give the required information and press enter.

If you have already created a keystore for this alias, the server will ask for the password. It will automatically create the CSR using the previously entered file name 'yourdomainname.csr'. You can find the file on your server. Please check if the file was created correctly by using the following command: cat yourdomainname.csr

This will display the CSR file created for your domain name. The result will be similar to the following example:
-----BEGIN CERTIFICATE REQUEST----- MIIC7DCCAdQCAQAwgaYxCzAJBgNVBAYTAk5MMRAwDgYDVQQIDAdEcmVudGhlMQ4w DAYDVQQHDAVFbW1lbjEbMBkGA1UECgwSTmV0d29ya2luZzRhbGwgQi5WMQ4wDAYD VQQLDAVTYWxlczEfMB0GA1UEAwwWd3d3Lm5ldHdvcmtpbmc0YWxsLmNvbTEnMCUG CSqGSIb3DQEJARYYc2FsZXMubmV0d29ya2luZzRhbGwuY29tMIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxG3vxWeYbNBfqVft68DaC5ORUmuK8CE3mGUh EKLJgHbPuC7y7KE1mJekeNDv4gehG7gdhGBOobRTwDYru1VnFCmeXKvLXzIaCczR +Xy09L6Itb1aOnLBv7p8VlxQ7OhViCJvmkAXJGHEcEex3ENaMMuw8YBnsw2JzOZv IzBD1XZm04da2k1Ai0vmwH5aoYTA5F+gE9Izouc9Opkp2k9+tdjUY9uarrMRj7XS E+hI4jqnHH32+vPNFziZ4QbVl5GpjMR/Q0GdIL8Bcu8Sw1u3cQSCu0ZzKZTG6oEJ 2oB8dVjc5BrtXfEYxF0s9T8HyXdx4NQuOtjN1beo6TQzP6s9QQIDAQABoAAwDQYJ KoZIhvcNAQELBQADggEBABJ2vZSMHmErkGpZFRBudCEwR+SEPvdYqCVwojn6R4rZ lAsbZ5TNng2GYWDMmoAsw6zq4/fd8q1cAoOG9fj6z3lEswpU3eqhc0f/wrVtfTN7 vc7yAB81FAcgw5Ad7c8h4oGrd3pYtXX/cLHSLSnpnXp9vc4nsWK3h88K8ZV9ih+e eUK0JDV3wZ3ok80JTTkws48/txIApfV6J1P2SfHazK7kann39Mb0ZnIcfBeYK26R APArN6rLh+Yx/gjqaCBo6sGZLx3J5o+W86zaSoo+v8wvPbNa4JNw8gg4PooY6JVE MEU5t6hHjD9AkNCO8uOi1K+FqzHe0aMq0EVvoHw7AMg= -----END CERTIFICATE REQUEST-----

The CSR that was generated for your domain name can now be used to request an SSL certificate on Follow the steps in our SSL Wizard to request the certificate. When you reach the step to enter the CSR, simply copy and paste the generated code in your CSR file.