What is CSR (Certificate Signing Request) ?

CSR (Certificate Signing Request)

Before you can order an SSL Certificate, you must first generate a CSR (Certificate Signing Request) for your server.

A CSR is an encoded file that provides you with a standardized way to send us your public key along with some information that identifies your company and domain name. When you generate a CSR, most server software asks for the following information: common name (i.e. www.example.com), organization name and location (country, state/province, city/town), key type (typically RSA), and key size (2048 bit minimum).

How to generate a CSR in Tomcat with Keytool?

You must generate a new keystore by following this process. If you try to install a new certificate to an old keystore your certificate will not work properly. Backup and remove any old keystores if necessary before beginning this process.

To generate a Certificate Signing Request (CSR), perform the following steps:

A. Create a New Keystore

You will be using the keytool command to create and manage your new Keystore file. You need to add the java /bin/ directory to your PATH veriable before the keytool command is recognized. When you are ready to create your keystore go to the directory where you plan to manage your Keystore and certificates. Open command prompt and enter the following command:

 keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore site_Name

  1. You will be prompted to choose a password for your keystore, put the password for keystore.
  2. You will then be prompted to enter your Organization information. For example:

What is your first and last name?
[Unknown]: *.mydomain.com

What is the name of your organizational unit?
[Unknown]: IT

What is the name of your organization?
[Unknown]: techdiary

What is the name of your City or Locality?
[Unknown]: Westborough

What is the name of your State or Province?
[Unknown]: Massachusetts

What is the two-letter country code for this unit?
[Unknown]: US

Is CN=physicianportal.cimpa.com, OU= IT , O=” techdiary , LLC”, L= Westborough , ST=Massachusetts, C=US correct?
[no]: yes

Note: When it asks for first and last name, this is NOT your first and last name, but rather it is your Fully Qualified Domain Name for the site you are securing (example: www.mydomain.com). If you are ordering a Wildcard Certificate this must begin with the * character. (Example: *.mydomain.com).

  1. After you have completed the required information confirm that the information is correct by entering ‘y’ or ‘yes’ when prompted. Next you will be asked for your password to confirm. Make sure to remember the password you choose.
  1. Your keystore file named ‘site_name’ is now created in your current working directory.

B. Generate a CSR from Your New Keystore

  1. Next, you will use keytool to create the Certificate Signing Request (CSR) from your Keystore. Enter the following command:

keytool -certreq -alias server -file csr.txt -keystore site_name

  1. Type the keystore password that you chose earlier and hit Enter.
  1. Your CSR file named csr.txt is now created in your current directory. Open the CSR with a text editor, and copy and paste the text (including the BEGIN and END tags) into the CA web order form. Be careful to save the keystore file (site_name) as your certificates will be installed to it later.

After you receive your SSL Certificate from CA, you can install it.


<<Click here to see all posts>>


1 comment on “What is CSR (Certificate Signing Request) ?”

  1. Pingback: Various SSL/TLS Certificate File Types/Extensions | Tech Diary

Leave a Reply

Your email address will not be published. Required fields are marked *

Prove You Are Human Time limit is exhausted. Please reload CAPTCHA.