Loading...

Knowledge Base

How To Create a CSR With Keytool

Before you start to create your CSR, you have to create a Keystore with Keytool first.

 

Creating a Keystore:

You can create a Keystore with Keytool by following these steps:

  1. Use the following command:
    --> keytool -genkey -keyalg RSA -keysize 2048 -keystore domain.keystore

    If you want to use an alias, then this command has to include -alias MY_SITE (where MY_SITE is the alias name), otherwise the default alias is mykey.
     
  2. The system will prompt you to answer the following questions:
     
    Enter keystore password: You will need this later, so make sure it's something that you can remember easily.
    What is your first and last name? This is the Common or Domain Name where you will eventually want to make TLS connections.
    What is the name of your organizational unit? This is the department that will be handling the SSL Certificate once you receive it.
    What is the name of your organization? This is the name of your company. Make sure it is the same as it is listed in official documentation and include LLC, Inc, Ltd or Co, if applicable.
    What is the name of your City or Locality? The town or city where your organization is based.
    What is the name of your State or Province? The name of the state or region where your organization is based. This needs to be written out in full, it shouldn't be abbreviated.
    What is the two-letter country code for this unit? The two-letter ISO code for the country where your organization is based.

     
  3. The system will then ask you to confirm the information you entered:
    Is CN=www.yourdomainname.com, OU=Your Organizational Unit, O=Your Organization, L=Your City, ST=Your State, C=Your Country correct?
     
  4. Check the information carefully, then answer y or yes. The system will then ask for the password in the follwing prompt:
    Enter key password for < mykey >
 

NOTE: If you want to create the CSR without all of the extra prompts for information, then you can modify the initial command like this:
--> keytool -genkey -keyalg RSA -keysize 2048 -dname "CN=www.yourdomain.com, O=Default, C=US" -keystore domain.keystore

 

 

Creating a CSR using Keytool

  1. Use the following command to generate your CSR:
    --> keytool -certreq -keyalg RSA -file domain.csr -keystore domain.keystore
  2. The system will prompt you to enter the Keystore password:
    Enter keystore password
 

If the password you have entered is correct, your CSR will be generated. Make sure you save it because you will need the CSR in its entirety when you apply for your SSL Certificate.

Once you have received your SSL Certificate, you can install it.

Did you find this article helpful?

 
* Your feedback is too short

Loading...