Generating a CSR on Sun Java System Web Server 7.x

Generating a CSR on Sun Java System Web Server 7.x
β€‹αž˜αžΆαžαž·αž€αžΆ

Sun Java System WS is a Java-based web server, which implies that CSR generation can be accomplished in two ways: through the SJS web interface (Server Certificate Wizard) or via shell commands (keytool).

I. Wizard.

To generate CSR via the Sun Java System WebServer certificate wizard, follow the steps below:

1) αž…αž»αž… αžœαž·αž‰αŸ’αž‰αžΆαž”αž“αž”αŸαžαŸ’αžšαž˜αŸ‰αžΆαžŸαŸŠαžΈαž“αž˜αŸ tab >> αžŸαŸ†αžŽαžΎαžšαžŸαž»αŸ† αž”αŸŠαžΌαžαž»αž„αŸ”

2) αž‡αŸ’αžšαžΎαžŸαžšαžΎαžŸ αž€αžΆαžšαž€αŸ†αžŽαžαŸ‹β€‹αžšαž…αž“αžΆαžŸαž˜αŸ’αž–αŸαž“αŸ’αž’.
Select a configuration from the configuration list for which you need to install the certificate. Configuration name can be either your αžšαž”αžŸαŸ‹αž’αŸ’αž“αž€ name, a hostname or a server name (e.g. localhost if created and addressed in LAN only)

After the configuration is selected, click αž”αž“αŸ’αž‘αžΆαž”αŸ‹.

3) Select Tokens.

Select the token (Cryptographic Device) which contains the keys. A αž“αž·αž˜αž·αžαŸ’αžαžŸαž‰αŸ’αž‰αžΆαžŸαž»αžœαžαŸ’αžαž·αž—αžΆαž– (αž¬αž–αŸαž›αžαŸ’αž›αŸ‡ authentication token, USB token, cryptographic token, software token) may be a physical device that an authorized user of computer services is given to ease authentication. Choose β€œαž•αŸ’αž‘αŸƒαž€αŸ’αž“αž»αž„β€ as the private key must be stored on the server only.

Selecting other than β€œαž•αŸ’αž‘αŸƒαž€αŸ’αž“αž»αž„β€ will cause the private key to be saved elsewhere preventing the certificate from further installation.

αž…αž»αž… αž”αž“αŸ’αž‘αžΆαž”αŸ‹.

4) Enter Details.

In this form, data embedded in the signing request should be filled. Use only alphanumeric characters. Otherwise, the CSR can be rejected by a Certificate Authority. Note that:

Server Name (CN): the domain that you would like to have the certificate for (FQDN only). For Wildcard certificate, use *.example.com. More information can be found αž“αŸ…β€‹αž‘αžΈαž“αŸαŸ‡.

αž’αž„αŸ’αž‚αž€αžΆαžš (O): your company legal business name – necessary for Organization Validation and Extended Validation certificates (for Domain Validation – β€˜NA’ can be used)

Locality (L): the city you or your company is situated in.

αžšαžŠαŸ’αž‹ (ST): state or province.

αž”αŸ’αžšαž‘αŸαžŸ (C): name of your country and two-digit ISO compliant αž›αŸαžαž€αžΌαžŠαž”αŸ’αžšαž‘αŸαžŸ that can be chosen from the drop-down list.

After the form is filled, click αž”αž“αŸ’αž‘αžΆαž”αŸ‹.

5) Choose Certificate Options.

Here, you are required to provide the key information. For key type, you can choose RSA or ECC. If the key type is RSA, the key size should be at least 2048 (standard recommended key size). If your key type is ECC, you will also need to select a curve.

You can choose those curves from the dropdown: prime256v1 (elliptic curve), secp384r1 (elliptic curve) or secp521r1. However, keep in mind that curve 521 is not supported by Chromium engine – SSL certificates will show errors in Chromium-based browsers.

αž–αŸαžαŸŒαž˜αžΆαž“αž”αž“αŸ’αžαŸ‚αž˜αž’αžΆαž…αžαŸ’αžšαžΌαžœαž”αžΆαž“αžšαž€αžƒαžΎαž‰ αž“αŸ…β€‹αž‘αžΈαž“αŸαŸ‡.

6) Select Certificate Type.

Select the Certificate Signing Authority (CSA) for the certificate (Self-signed or CA signed). Select CA signed αžαŸ‚αž”αŸ‰αž»αžŽαŸ’αžŽαŸ„αŸ‡αŸ”

7) Once αž”αž“αŸ’αž‘αžΆαž”αŸ‹ is clicked, press αž”αž‰αŸ’αž…αž”αŸ‹.

You should be provided with a Certificate Signing Request in base64-encoded text format.
Your generated CSR can be used during the activation. The activation guide can be found αž“αŸ…β€‹αž‘αžΈαž“αŸαŸ‡.

After that, the issued certificate can be installed using αž€αžΆαžšαžŽαŸ‚αž“αžΆαŸ†αž“αŸαŸ‡.

II. Using keytool utility.

To generate a CSR using keytool, you need to:

1) Run the following command in your CLI (command line interface):

keytool -genkey -alias < keystore alias > -keyalg RSA -keysize 2048 -keystore < keystore name > .jks -storepass < keystore password >

keystore alias, keystore name, keystore password should be replaced with your own details.

Default keystore alias is mykey, keystore name is keystore.jks, and the password – chageit.

2) Keytool will ask you the information needed for CSR generation. Fill the needed information like it was explained earlier and the key will be created along with the entered data.

3) Run the next command to generate the CSR for the certificate activation:

keytool -certreq -alias < keystore alias > -file < your CSR file name >.csr -keystore < keystore name >.jks

4) After executing this command and entering the keystore password, the CSR can be found in .csr file.

You can open that file using Notepad or TextEdit or using a shell text editor like nano or vi. Use the CSR in the certificate αž€αžΆαžšαž’αŸ’αžœαžΎαž±αŸ’αž™αžŸαž€αž˜αŸ’αž˜.

The issued certificate can be installed with the help of αž€αžΆαžšαžŽαŸ‚αž“αžΆαŸ†αž“αŸαŸ‡.