CSR Generation Steps Apache Tomcat

In order to generate a keystore for your Tomcat system perform the following instructions listed below.

Step 1: Create a Keystore:

  1. Create a certificate keystore and private key by executing the following command:
    Note:  You will specify a  Privatkey Alias . This Alias will be used for CSR creation and eventually installation of the SSL Certificate.
  2. keytool -genkey -alias  create_Privatkey_Alias  -keyalg RSA -keystore path_and_create_KeystoreFilename .jks – keysize 2048
  3. Example:

  4. Enter and re-enter a keystore password.
  5. Fill out the applicable information:
    • First and Last Name? or Common Name (CN):  The Common Name is the Host + Domain Name. It looks like “ www.mydomain.com” or “company.com”.
    • Organizational Unit (OU):  This field is optional; but can be used to help identify certificates registered to an organization. The Organizational Unit (OU) field is the name of the department or organization unit making the request.
    • Organization (O):  If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll.  Example: XY & Z Corporation would be XYZ Corporation
    • Locality or City (L):  The Locality field is the city or town name, for example: Boston
    • State or Province (S):  Spell out the state completely; do not abbreviate the state or province name, for example: New York
    • Country Name (C):  Use the two-letter code without punctuation for country, for example: US or CA.

  6. Confirm or reject the details by typing “Yes” or “No” and press  Enter.

Step 2: Creating your CSR from your keystore:

  1. The CSR is then created using the following command:
  2. keytool -certreq -keyalg RSA -alias  your_privatekey_alias  -file  your_csr_file .csr -keystore  your_keystore_filename .jks
  3. Create a copy of the keystore file. Having a back-up file of the keystore at this point can help resolve installation issues that can occur when importing the certificate into the original keystore file.
  4. To copy and paste the file certreq.csr into the enrollment form, open the file in a text editor that does not add extra characters (Notepad or Vi are recommended).

Your CSR request has been created

Note:  You will need to use this custom password later for installation and to configure the Tomcat  server.xml  configuration file. In addition, remember your Alias Name for your private key. you will require it for installation.