Create CSR Java

The following commands are executed on commandline.

In order to use the Java Keytool to generate a CSR, you require a Java Keystore. This manages the keypair (private and public key) for the request. If the server does not yet have a Keystore, it must first be generated before the CSR can be created.

keytool -genkey -alias yourdomainname -keyalg RSA -keystore KeyStore.jks -keysize 2048
Enter keystore password: (enter a new password)
Re-Enter new password: (confirm password)

In this example, please replace 'yourdomainname' in the alias with the domain name for which the keypair is generated. This alias must be the same throughout the process: in order to avoid confusion, always use the domain name for which you want to request a certificate.

The server will automatically continue with a request for information that is mandatory for the creation of a CSR. Give the appropriate responses and press enter after each answer.

  • What is your first and last name? (Please note: while the question might imply otherwise, enter your common name here.)
  • What is the name of your organizational unit? (The name of your department, for example 'Sales'.)
  • What is the name of your organization? (the company name, as has been entered in the registry of the Chamber of Commerce.)
  • What is the name of your City or Locality? (the name of the town or city your company is located in.)
  • What is the name of your State or Province? (The state or province your company is located in.)
  • What is the two-letter country code for this unit? (The country code in capital letters, for example US or GB)

The server will ask you to verify the information you entered. Answer the question with either 'yes' or 'no'.

The server will also ask for a password: press enter to use the same password you entered when creating the keystore.

Generate a CSR

Execute the following command:

keytool -certreq -alias yourdomainname -keystore KeyStore.jks -file yourdomainname.csr

In this example, the name of the CSR file that is being created is 'yourdomainname.csr'. Replace 'yourdomainname' with the domain name for which the certificate is requested.

If you have not created a keystore for this alias yet, the server will automatically ask for information that is mandatory for the CSR. This process is the same as described above. Give the required information and press enter.

If you have already created a keystore for this alias, the server will ask for the password. It will automatically create the CSR using the previously entered file name 'yourdomainname.csr'. You can find the file on your server. Please check if the file was created correctly by using the following command:

cat yourdomainname.csr

This will display the CSR file created for your domain name. The result will be similar to the following example:


The CSR that was generated for your domain name can now be used to request an SSL certificate on Follow the steps in our SSL Wizard to request the certificate. When you reach the step to enter the CSR, simply copy and paste the generated code in your CSR file.