CSR CREATION AND SSL CERTIFICATE INSTALLATION – JAVA WEB SERVERS
If you have not yet created a Certificate Signing Request (CSR) and ordered your certificate, see below.
CSR CREATION FOR JAVA KEYTOOL SSL CERTIFICATE
If you already have your SSL Certificate and just need to install it, see SSL certificate Installation – Java Web Servers.
How to generate a CSR using Java Keytool
Note: You must generate a new keystore through this process. If you try to install a new certificate to an old keystore, your certificate will not work properly. Back up and remove any old keystores if necessary before beginning this process.
CREATE A NEW KEYSTORE
- You will be using the keytool command to create your new key-CSR pairing. Enter the following:
keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore yourdomain.jks
'Yourdomain' is the name of the domain you are securing. However, if you are ordering a Wildcard Certificate, do not include * in the beginning of the filename as this is not a valid filename character.
- You will be prompted for the DN information. Please note: when it asks for first and last name, this is not YOUR first and last name, but rather your domain name and extension (i.e., www.yourdomain.com). If you are ordering a Wildcard Certificate, this must begin with * (example: *.trustzone.com).
- Confirm that the information is correct by entering y or yes when prompted. Next you will be asked for your password to confirm. Make sure to remember the password you choose.
GENERATE YOUR CSR WITH YOUR NEW KEYSTORE
- Next, use keytool to actually create the Certificate Signing Request. Enter the following:
keytool -certreq -alias server -keyalg RSA -file yourdomain.csr -keystore yourdomain.jks
Again, 'yourdomain' is the name of the domain you are securing (without the * character if you are ordering a Wildcard Certificate).
- Enter the keystore password.
- The CSR file for your SSL Certificate is then created. Open the CSR with a text editor, and copy and paste the text (including the BEGIN and END tags) into the TRUSTZONE web orderform.
- After you receive your SSL Certificate from TRUSTZONE, you can install it.
INSTALLING THE CERTIFICATE TO YOUR JAVA KEYSTORE
- Download your SSL certificate bundle file (your_domain_name.p7b) from your TRUSTZONE account to the same folder where your keystore is (your_site_name.jks if you used our keytool CSR command generator). The one .p7b file contains all of the necessary certificates for your keystore.
Note: The certificate must be installed to the same keystore that was used to generate your CSR. You will get an error if you try to install it to a different keystore.
- Type the following command to install the certificate file:
keytool -import -trustcacerts -alias server -file your_domain_name.p7b -keystore your_site_name.jks
If the certificate is installed correctly, you will receive a message stating 'certificate reply was installed in keystore'.
If it asks whether you want to trust the certificate, choose y or yes.
Your keystore file (your_site_name.jks) is now ready to use on your server. Just configure your server to use it.
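The note above says the certificate must go into the same keystore that produced the CSR. The following added example (not part of the original page or TRUSTZONE's tooling) checks that before you run keytool -import, by comparing the public key in the CSR with the public keys in the downloaded bundle. It assumes the openssl command-line tool is installed; the function name and script name are made up for illustration.

```shell
#!/bin/sh
# Added example, not TRUSTZONE's own tooling. Assumes the openssl CLI.
# Exit 0 if any certificate in the CA reply carries the public key that is
# in the CSR, 1 if none does, 2 if the CSR cannot be read.
reply_matches_csr() {
    csr=$1
    reply=$2
    want=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null) || return 2
    tmp=$(mktemp -d) || return 2
    # Accept a PEM or DER PKCS#7 bundle (.p7b); fall back to plain PEM certs.
    { openssl pkcs7 -in "$reply" -print_certs 2>/dev/null ||
      openssl pkcs7 -inform DER -in "$reply" -print_certs 2>/dev/null ||
      cat "$reply"; } |
        awk -v d="$tmp" '/BEGIN CERTIFICATE/ { n++ } n { print > (d "/" n ".pem") }'
    rc=1
    for c in "$tmp"/*.pem; do
        [ -f "$c" ] || continue
        got=$(openssl x509 -in "$c" -noout -pubkey 2>/dev/null) || continue
        if [ "$got" = "$want" ]; then rc=0; fi
    done
    rm -rf "$tmp"
    return "$rc"
}

# Usage: sh check_reply.sh yourdomain.csr your_domain_name.p7b
if [ "$#" -eq 2 ]; then
    if reply_matches_csr "$1" "$2"; then
        echo "OK: reply matches the key in $1"
    else
        echo "MISMATCH: reply was not issued for the key in $1" >&2
        exit 1
    fi
fi
```

A mismatch means the bundle was issued for a different key pair, so importing it under the alias used for the CSR will fail.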
Last updated: August 7, 2017