JAVA CSR CREATION AND SSL CERTIFICATE INSTALLATION
TOMCAT CSR CREATION
Follow these instructions to generate a CSR for your Web site. When you have completed this process, you will have a CSR ready to submit to Trustzone in order to be generated into a SSL Security Certificate
Note: Use JDK 1.4 or higher
1. Create a certificate keystore and private key with the following command:
$JAVA_HOME\bin>keytool -genkey -alias your_alias_name -keyalg RSA -keysize 2048 -keystore your_keystore_filename
Note: Keysize must be specified otherwise keytool will generate a key which is 1024 bit, this does not meet the minimum requirements which is 2048 bit or higher.
2. Replace '$JAVA_HOME' with the directory of your Java Install. If you are on a Windows server change the directory to:
3. Specify the password. It must be at least 6 characters long
4. Input the following:
- What is your first and last name? (This is the Common Name/FQDN field): www.trustzone.com
- What is the name of your organizational unit?: TRUSTZONE
- What is the name of your organization?: TRUSTZONE
- What is the name of your City or Locality?: Copenhagen
- What is the name of your State or Province?: Copenhagen
- What is the two-letter country code for this unit?: DK
Is CN= www.trustzone.com, OU= Trustzone, O= Trustzone, L= Copenhagen, ST= Copenhagen, C= DK correct?: Yes
Enter the password for <your_alias_name> or enter 'RETURN' if it is the same as the keystore password.
5. Create the Certificate Signing Request file using:
$JAVA_HOME\bin>keytool -certreq -keyalg RSA -alias your_alias_name -file certreq.csr -keystore your_keystore_filename
6. Enter keystore password: your_password_here
7. You now have a 'certreq.csr' file. The file is encoded in PEM format and can be entered into the website. Be sure to include the beginning and end tags:
—–BEGIN NEW CERTIFICATE REQUEST—–
—–END NEW CERTIFICATE REQUEST—-
INSTALLING THE CERTIFICATE TO YOUR JAVA KEYSTORE
- Download your SSL Certificate bundle file (your_domain_name.p7b) from your TRUSTZONE Account to the same folder where your keystore is (your_site_name.jks if you used our keytool CSR command generator). The one .p7b file contains all of the necessary certificates for your keystore.
Note: The certificate must be installed to the same keystore that was used to generate your CSR. You will get an error if you try to install it to a different keystore.
- Type the following command to install the certificate file:
keytool -import -trustcacerts -alias server -file your_domain_name.p7b -keystore your_site_name.jks
- If the certificate is installed correctly, you will receive a message stating 'Certificate reply was installed in keystore'
- If it asks if you want to trust the certificate. Choose y or yes.
- Your keystore file (your_site_name.jks) is now ready to use on your server. Just configure your server to use it.
Last updated: July 25, 2017