Generating a Certificate Signing Request (CSR) - Tomcat 4.x/5.x/6.x Generating a Certificate Signing Request (CSR) - Tomcat 4.x/5.x/6.x

Generating a Certificate Signing Request (CSR) - Tomcat 4.x/5.x/6.x.

Follow the below instructions to generate key pair and CSR for your Web server. When you have completed generating your CSR, cut/copy and paste it into the CSR field on the SSL certificate-request page.

NOTE: Java 2 SDK 1.2 or above must be installed before you can generate your CSR. Once installed, you will be using the "keytool" command to create your key pair and CSR.

To Generate the Key Pair

  • 1. Enter the following command:
keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore tomcat.keystore
  • 2. You will be prompted for a password. Tomcat uses the default password changeit.
  • 3. Enter Distinguished Name (DN) information:
    • First and last name - This is the Common Name: The common name is the fully-qualified domain name (FQDN), Host name, or URL - to which you plan to apply your certificate. Do not enter your personal name in this field.
NOTE: If you are requesting a Wildcard certificate, please add an asterisk (*) on the left side of the Common Name (e.g., "*.coolexample.com" or "www*.coolexample.com"). This will secure all subdomains of the Common Name.
    • Organizational unit - Use this field to differentiate between divisions within an organization. For example, "Engineering" or "Human Resources." If applicable, you may enter the DBA (doing business as) name in this field.
    • Organization - The name under which your business is legally registered. The listed organization must be the legal registrant of the domain name in the certificate request. If you are enrolling as an individual, please enter the certificate requestor's name in the Organization field, and the DBA (doing business as) name in the Organizational Unit field.
    • City/Locality - Name of the city in which your organization is registered/located. Please spell out the name of the city. Do not abbreviate.
    • State/Province - Name of state or province where your organization is located. Please enter the full name. Do not abbreviate.
    • Country code - The two-letter International Organization for Standardization- (ISO-) format country code for the country in which your organization is legally registered.
  • 4. Confirm that the Distinguished Name information is correct.
To Generate a CSR
  • 1. Enter the following command:
keytool -certreq -keyalg RSA -alias tomcat -file .csr -keystore tomcat.keystore
  • 2. Enter the keystore password:
    • * If the password is correct then the CSR is created.
    • * If the password is incorrect then a password error is displayed.
  • 3. Cut/copy and paste the generated CSR into our online enrollment form.
  • 4. Select Tomcat as your server software.


Generating a Certificate Signing Request (CSR) - Tomcat 4.x/5.x/6.x Generating a Certificate Signing Request (CSR) - Tomcat 4.x/5.x/6.x

Send a message


© ASTEHOST 2006 - 2021