Generating a Certificate Signing Request (CSR) - Tomcat 4.x/5.x/6.x
To complete your online request form for an SSL, you need to generat a key pair and a Certificate Signing Request (CSR). Follow these instructions to generate them for your website.
Java 2 SDK 1.2 or above must be installed before you can generate your CSR. Once installed, you can use the "keytool" command to create your key pair and CSR.
To Generate the Key Pair
NOTE: For the purposes of this article, we are using PuTTY as our Secure Shell (SSH) client, and we are running Tomcat on a Linux based server. If your configuration is different, it might effect the generation of your CSR.
- To log in to the server's terminal SSH, double click on your servers SSH client.
- Enter the Host Name (or IP address), and then the Port the server is using.
- Select SSH as the Connection type, and then click Open
- At the SSH prompt, enter the server's username, and then press Enter on your keyboard.
- Enter the server's password, and then press Enter.
- Enter the following command, and then press Enter:
keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore tomcat.keystore
- Enter a password you want to create for your keystore, and then hit Enter.
- Re-enter your keystore password, and then press Enter.
- Answer the following Organizational information, and then press Enter after each item:
- What is your first and last name? - Enter in the fully-qualified domain name (FQDN), Host name, or URL - to which you plan to apply your certificate. Do not enter your personal name in this field.
NOTE: If you are requesting a Wildcard certificate, please add an asterisk (*) on the left side of the Common Name (e.g., *.coolexample.com or www*.coolexample.com). This secures all subdomains of the Common Name.
- What is the name of your organizational unit? - Use this field to differentiate between divisions within an organization. For example, IT. If applicable, you may enter the DBA (doing business as) name in this field.
- What is the name of your organization? - The name under which your business is legally registered. The listed organization must be the legal registrant of the domain name in the certificate request. If you are enrolling as an individual, please enter the certificate requestor's name in the Organization field, and the DBA (doing business as) name in the Organizational Unit field.
- What is the name of your City or Locality? - Name of the city in which your organization is registered or located. Please spell out the name of the city. Do not abbreviate.
- What is the name of your State or Province? - Name of state or province where your organization is located. Please enter the full name. Do not abbreviate.
- What is the two-letter country code for this unit? - The two-letter International Organization for Standardization- (ISO-) format country code for the country in which your organization is legally registered.
- To confirm that your Organizational information is correct, press Y, and then press Enter .
- Create a password for your alias, tomcat, or press Enter on your keyboard to keep it the same as your keystore password.
To Generate a CSR
- Enter the following command, and then press Enter:
keytool -certreq -alias tomcat -file csr.txt -keystore tomcat.keystore
- Enter the keystore password you created when generating the key pair, and then press Enter.
- If the password is correct, the CSR is created.
If the password is incorrect, a password error displays.
- If the password is correct, the CSR is created.
- Enter the following command to retrieve your csr, and then press Enter.
cat csr.txt
- To copy your CSR, highlight it (from -----BEGIN CERTIFICATE REQUEST to END CERTIFICATE REQUEST-----, press Enter, and then paste it into our online application.
For more information on how to request a certificate in our online request form, see Request an SSL certificate