Generating a CSR on Tomcat using Keytool

To generate a CSR and private key on Tomcat, you will use keytool. First, create the keystore for the certificate and generate the private key.

How to Generate a CSR on Tomcat using Keytool

Step 1

Open a terminal or console and execute the following command:

keytool -genkey -keysize 2048 -keyalg RSA -alias tomcat -keystore yourkeystore.jks

You will be prompted to enter a password. The default password for Tomcat is *changeit*.

Then, you will be asked to enter the information that your future CSR should contain. The first question is about the Common Name (the FQDN for which the certificate will be issued). In some versions of keytool the question will be "What is your first and last name?" If this is the case, type the Common Name (ex. domain.com) instead of your first and last name.

NOTE: It is possible to include the "Street address" detail in the CSR. To do so, specify the "-dname" option with the corresponding data when creating the keystore:

keytool -genkey -keysize 2048 -keyalg RSA -alias tomcat -keystore yourkeystore.jks -dname "CN=example.com, O=1Byte Inc, L=Phoenix, ST=Arizona, C=US, Street=4600 East Washington Street Suite 305"

Step 2

Once the keystore and private key are generated, it's time to generate the CSR itself.

To generate the CSR, run the command below against the keystore containing the private key you created in the step above:

keytool -certreq -alias tomcat -file your.csr -keystore yourkeystore.jks

The generated CSR is in the file your.csr. Now you just need to open it as plain text. This plain text is what you submit on our site during the activation of the certificate. It can be opened with a simple text editor, like Notepad or TextEdit, and should look like a block of code with the header -----BEGIN CERTIFICATE REQUEST-----
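
A sanity check for your.csr before it is pasted into an activation form, as an added example that is not part of the original guide. The function name check_csr is an assumption; the script accepts both the "NEW CERTIFICATE REQUEST" header that keytool writes and the plain "CERTIFICATE REQUEST" form, and refuses any file that contains a private key block.

```shell
#!/bin/sh
# Added example: sanity-check the CSR file from Step 2 before pasting it anywhere.

# check_csr FILE: prints "ok" (exit 0) for a single PEM CSR, else the reason (exit 1).
check_csr() {
    f=$1
    [ -r "$f" ] || { echo "unreadable"; return 1; }
    # A private key export picked up by mistake must never be submitted.
    if grep -q 'PRIVATE KEY-----' "$f"; then
        echo "contains private key"; return 1
    fi
    # keytool writes "NEW CERTIFICATE REQUEST"; other tools omit "NEW".
    begins=$(grep -c -E '^-----BEGIN (NEW )?CERTIFICATE REQUEST-----[[:space:]]*$' "$f" || true)
    ends=$(grep -c -E '^-----END (NEW )?CERTIFICATE REQUEST-----[[:space:]]*$' "$f" || true)
    if [ "$begins" -ne 1 ] || [ "$ends" -ne 1 ]; then
        echo "bad framing"; return 1
    fi
    # Everything between the markers must be base64 text.
    body=$(sed -n '/^-----BEGIN/,/^-----END/p' "$f" | grep -v '^-----' | tr -d '\r\n')
    [ -n "$body" ] || { echo "empty body"; return 1; }
    case $body in
        *[!A-Za-z0-9+/=]*) echo "non-base64 data"; return 1 ;;
    esac
    echo "ok"
}

# Run against the page's file name (or $1) when it exists.
csr=${1:-your.csr}
if [ -f "$csr" ]; then
    check_csr "$csr" || exit 1
    # keytool can decode the request so the subject and key can be reviewed.
    if command -v keytool >/dev/null 2>&1; then
        keytool -printcertreq -file "$csr"
    fi
fi
```

When keytool is on the PATH, the -printcertreq output shows the subject that was entered in Step 1, so a mistyped Common Name can be caught before the request is submitted.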