JAVA CSR CREATION AND SSL CERTIFICATE INSTALLATION 

 

TOMCAT CSR CREATION
 

Follow these instructions to generate a CSR for your Web site. When you have completed this process, you will have a CSR ready to submit to Trustzone in order to be generated into a SSL Security Certificate

Note: Use JDK 1.4 or higher

1.  Create a certificate keystore and private key with the following command:
$JAVA_HOME\bin>keytool -genkey -alias your_alias_name -keyalg RSA -keysize 2048 -keystore your_keystore_filename

Note: Keysize must be specified otherwise keytool will generate a key which is 1024 bit, this does not meet the minimum requirements which is 2048 bit or higher.

2. Replace '$JAVA_HOME' with the directory of your Java Install. If you are on a Windows server change the directory to:

\Program Files\Java\javaversionhere\bin

3. Specify the password. It must be at least 6 characters long

4. Input the following:
 

  • What is your first and last name? (This is the Common Name/FQDN field): www.trustzone.com
  • What is the name of your organizational unit?: TRUSTZONE
  • What is the name of your organization?: TRUSTZONE
  • What is the name of your City or Locality?: Copenhagen
  • What is the name of your State or Province?: Copenhagen
  • What is the two-letter country code for this unit?: DK

Is CN= www.trustzone.com, OU= Trustzone, O= Trustzone, L= Copenhagen, ST= Copenhagen, C= DK correct?: Yes

Enter the password for <your_alias_name> or enter 'RETURN' if it is the same as the keystore password.

5. Create the Certificate Signing Request file using:

$JAVA_HOME\bin>keytool -certreq -keyalg RSA -alias your_alias_name -file certreq.csr -keystore your_keystore_filename

6. Enter keystore password: your_password_here

7. You now have a 'certreq.csr' file. The file is encoded in PEM format and can be entered into the website. Be sure to include the beginning and end tags:

—–BEGIN NEW CERTIFICATE REQUEST—–
—–END NEW CERTIFICATE REQUEST—-

 

INSTALLING THE CERTIFICATE TO YOUR JAVA KEYSTORE 
 
  • Download your SSL Certificate bundle file (your_domain_name.p7b) from your TRUSTZONE Account to the same folder where your keystore is (your_site_name.jks if you used our keytool CSR command generator). The one .p7b file contains all of the necessary certificates for your keystore.

Note: The certificate must be installed to the same keystore that was used to generate your CSR. You will get an error if you try to install it to a different keystore.

  • Type the following command to install the certificate file:

keytool -import -trustcacerts -alias server -file your_domain_name.p7b -keystore your_site_name.jks

  • If the certificate is installed correctly, you will receive a message stating 'Certificate reply was installed in keystore'
  • If it asks if you want to trust the certificate. Choose or yes.
  • Your keystore file (your_site_name.jks) is now ready to use on your server. Just configure your server to use it.

Last updated: July 25, 2017