Create CSR Java

The following commands are executed on commandline.

In order to use the Java Keytool to generate a CSR, you require a Java Keystore. This manages the keypair (private and public key) for the request. If the server does not yet have a Keystore, it must first be generated before the CSR can be created.

keytool -genkey -alias yourdomainname -keyalg RSA -keystore KeyStore.jks -keysize 2048
Enter keystore password: (enter a new password)
Re-Enter new password: (confirm password)

In this example, please replace 'yourdomainname' in the alias with the domain name for which the keypair is generated. This alias must be the same throughout the process: in order to avoid confusion, always use the domain name for which you want to request a certificate.

The server will automatically continue with a request for information that is mandatory for the creation of a CSR. Give the appropriate responses and press enter after each answer.

  • What is your first and last name? (Please note: while the question might imply otherwise, enter your common name here.)
  • What is the name of your organizational unit? (The name of your department, for example 'Sales'.)
  • What is the name of your organization? (the company name, as has been entered in the registry of the Chamber of Commerce.)
  • What is the name of your City or Locality? (the name of the town or city your company is located in.)
  • What is the name of your State or Province? (The state or province your company is located in.)
  • What is the two-letter country code for this unit? (The country code in capital letters, for example US or GB)

The server will ask you to verify the information you entered. Answer the question with either 'yes' or 'no'.

The server will also ask for a password: press enter to use the same password you entered when creating the keystore.

Generate a CSR

Execute the following command:

keytool -certreq -alias yourdomainname -keystore KeyStore.jks -file yourdomainname.csr

In this example, the name of the CSR file that is being created is 'yourdomainname.csr'. Replace 'yourdomainname' with the domain name for which the certificate is requested.

If you have not created a keystore for this alias yet, the server will automatically ask for information that is mandatory for the CSR. This process is the same as described above. Give the required information and press enter.

If you have already created a keystore for this alias, the server will ask for the password. It will automatically create the CSR using the previously entered file name 'yourdomainname.csr'. You can find the file on your server. Please check if the file was created correctly by using the following command:

cat yourdomainname.csr

This will display the CSR file created for your domain name. The result will be similar to the following example:

-----BEGIN CERTIFICATE REQUEST-----
MIIC7DCCAdQCAQAwgaYxCzAJBgNVBAYTAk5MMRAwDgYDVQQIDAdEcmVudGhlMQ4w
DAYDVQQHDAVFbW1lbjEbMBkGA1UECgwSTmV0d29ya2luZzRhbGwgQi5WMQ4wDAYD
VQQLDAVTYWxlczEfMB0GA1UEAwwWd3d3Lm5ldHdvcmtpbmc0YWxsLmNvbTEnMCUG
CSqGSIb3DQEJARYYc2FsZXMubmV0d29ya2luZzRhbGwuY29tMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxG3vxWeYbNBfqVft68DaC5ORUmuK8CE3mGUh
EKLJgHbPuC7y7KE1mJekeNDv4gehG7gdhGBOobRTwDYru1VnFCmeXKvLXzIaCczR
+Xy09L6Itb1aOnLBv7p8VlxQ7OhViCJvmkAXJGHEcEex3ENaMMuw8YBnsw2JzOZv
IzBD1XZm04da2k1Ai0vmwH5aoYTA5F+gE9Izouc9Opkp2k9+tdjUY9uarrMRj7XS
E+hI4jqnHH32+vPNFziZ4QbVl5GpjMR/Q0GdIL8Bcu8Sw1u3cQSCu0ZzKZTG6oEJ
2oB8dVjc5BrtXfEYxF0s9T8HyXdx4NQuOtjN1beo6TQzP6s9QQIDAQABoAAwDQYJ
KoZIhvcNAQELBQADggEBABJ2vZSMHmErkGpZFRBudCEwR+SEPvdYqCVwojn6R4rZ
lAsbZ5TNng2GYWDMmoAsw6zq4/fd8q1cAoOG9fj6z3lEswpU3eqhc0f/wrVtfTN7
vc7yAB81FAcgw5Ad7c8h4oGrd3pYtXX/cLHSLSnpnXp9vc4nsWK3h88K8ZV9ih+e
eUK0JDV3wZ3ok80JTTkws48/txIApfV6J1P2SfHazK7kann39Mb0ZnIcfBeYK26R
APArN6rLh+Yx/gjqaCBo6sGZLx3J5o+W86zaSoo+v8wvPbNa4JNw8gg4PooY6JVE
MEU5t6hHjD9AkNCO8uOi1K+FqzHe0aMq0EVvoHw7AMg=
-----END CERTIFICATE REQUEST-----

The CSR that was generated for your domain name can now be used to request an SSL certificate on www.networking4all.com. Follow the steps in our SSL Wizard to request the certificate. When you reach the step to enter the CSR, simply copy and paste the generated code in your CSR file.