Generate CSR Instructions: Tomcat

Follow these instructions to generate a Private Key and CSR for your Web site. If you are not using JDK 1.4 or higher, you must download and install "Java Secure Socket Extensions" JSSE.

1. Using the java keytool command line utility, the first thing you need to do is create a keystore and generate the key pair. Do this with the following command: $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore /working/mykeystore Note that $JAVA_HOME represents the root of your java installation. This command creates the keystore named mykeystore in the working directory (create this directory if does not already exist). You may change the keystore path and name to suit your needs.
2. You will be prompted for a password. Tomcat uses a default password of "changeit". If you use a different password, you will need to specify a custom password in the server.xml configuration file.
3. The next field that you will be prompted for is "What is your first and last name?" At this prompt, you must specify the Common Name (e.g., www.mysite.com) of your web site, not your real first and last name.
4. You will then be prompted for your organizational unit, organization, etc.
5. When generating the keypair you must follow these conventions. Enter the information to be displayed in the certificate. The following characters cannot be accepted: < > ~ ! @ # $ % ^ / \ ( ) ? , &

   CSR Input Fields

   Field	Explanation	Example
   Common Name (CN) (host name, FQDN, etc.)	The fully qualified domain name for your web server. This must be an exact match.	If you intend to secure the URL https://www.domain.com, then your CSR's common name must be "www.domain.com". For https://secure.domain.com it must be "secure.domain.com". For just https://domain.com it must be just "domain.com". For https://owa.mailserver.net it must be "owa.mailserver.net". A Wildcard for https://sub.primary-domain.com must be "*.primary-domain.com". The asterisk must be included for Wildcard CSR's.
   Organization (O)	The exact legal name of your organization. Do not abbreviate your organization name.	Metro Realty LLC or Flowers by Jenny
   Organizational Unit (OU)	Section of the organization	Sales Division or IT or Marketing
   City or Locality (L)	The city where your organization is legally located. Cannot be abbreviated.	Boston
   State (S) or Province	The state or province where your organization is legally located. Cannot be abbreviated.	Massachusetts
   Country (C)	The two-letter ISO abbreviation for your country.	US, CA, GB, (must be two-letters)
   Email	Any email address. This field is arbitrary but must be filled in. GeoTrust will not use this email address to process your order.	user@domain.com
   Key Bit Length	The key bit length has to do with the initial key exchange, not the encryption strength of your certificate.	GeoTrust recommends a key bit length of at least 1024

6. Now generate the Certificate Signing Request (CSR) from the private key generated above using the following command: $JAVA_HOME/bin/keytool -certreq -alias tomcat -keystore /working/mykeystore -file yourdomain.csr This creates a (CSR) and stores it in a file named yourdomain.csr.
7. Save a copy of your CSR. The CSR will be needed during the purchase process. You'll be asked to copy-and-paste your CSR into a special CSR box.
   
   Below is an example of what your CSR will look like. This is a example only and cannot be used to generate your SSL certificate. -----BEGIN CERTIFICATE REQUEST----- MIIB3zCCAUgCAQAwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdHZW9yZ2lhMRAw DgYDVQQHEwdBdGxhbnRhMREwDwYDVQQKEwhHZW9DZXJ0czEaMBgGA1UECxMRSW5l cm5ldCBNYXJrZXRpbmcxGTAXBgNVBAMTEHd3dy5nZW9jZXJ0cy5jb20xITAfBgkq hkiG9w0BCQEWEmFkbWluQGdlb2NlcnRzLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB jQAwgYkCgYEA5KOi+RnRzBuBQeFYjrwZg1sfT7zr4L8j0Khuoj621x+lGBmFC76c kGclUIQBmuyp9T9NrNqAjGtEmgdFr6cWLJtgXgi+BaZDLX9BMYF49NuTggNoEUMX crQRAENHb2YthG2SEcF5p98RNcDPzWOA3a4AMvgkxDlDGYUhbcQhnt0CAwEAAaAA MA0GCSqGSIb3DQEBBAUAA4GBAIapt6Tw0BTYUwEAX0/oKvaaN/ghErR85jdW7xOD b1hL0yNfb495A7e/IQyBEP5a/v+QUOtibHS4geiPhH9etAI+DSQmctjbf6dMGJql gCXGwlsTbjPOSmNT+/X2Uvf1BlplwqAMDghEuFHsjshlypz1NEg94ri2K9N1VrBs
+iAv
-----END CERTIFICATE REQUEST-----

Home | SSL Certificates | GeoAuthorize | Support | Company | Contact Us | Buy Now | Renew | Site Map

Copyright © 2002-2008 GeoCerts | copyright protection by  bitscan™
All registered trade/service marks are property of their respective holders.
*Orders flagged by GeoTrust for a manual security audit may take longer than ten minutes.