Generate a Certificate Signing Request (CSR) on Tomcat

Global Support Centre > SSL Certificates > Tomcat > Generate a CSR

To generate a Certificate Signing Request (CSR), perform the following steps:

Please use JDK 1.4 or higher

  1. Create a certificate keystore and private key with the following command:
    1. $JAVA_HOME\bin>keytool -genkey -alias your_alias_name -keyalg RSA -keystore your_keystore_filename
    2. Note: Replace $JAVA_HOME with the directory of your Java Install – If you are a on Windows Server, change directory to \Program Files\Java\javaversionhere\bin

      3. 1

  2. Specify the password – must be at least 6 characters long, and MUST be remembered.
  3. You must input the following:
    • What is your first and last name? *This is the Common Name Field – The Fully Qualified Domain Name MUST be entered here*
      [Unknown]: www.globalsign.net
    • What is the name of your organizational unit?
      [Global Sign]: Global Sign
    • What is the name of your organization?
      [Global Sign]: Global Sign
    • What is the name of your City or Locality?
      [London]: London
    • What is the name of your State or Province?
      [London]: London
    • What is the two-letter country code for this unit?
      [GB]: GB
    • Is CN=www.globalsign.net, OU=Global Sign, O=Global Sign, L=London, ST=London, C=GB correct?
      [no]: yes
    • Enter key password for <your_alias_name>
      (RETURN if same as keystore password):

    2

  4. Create the Certificate Signing Request file with the following command:
    1. $JAVA_HOME\bin>keytool -certreq -keyalg RSA -alias your_alias_name -file certreq.csr -keystore your_keystore_filename
    2. Enter keystore password: your_password_here

    3

  5. Now you have a file called certreq.csr. The file is encoded in PEM format and this can be entered into the website. Insure to include:
    • -----BEGIN NEW CERTIFICATE REQUEST-----
    • -----END NEW CERTIFICATE REQUEST-----