3.2.2 Generate CSR
This topic provides the information to generate CSR.
To purchase an SSL certificate, one needs to generate a Certificate Signing Request (CSR) for the server where the certificate will be installed.
A CSR is generated from the server and is the server's unique fingerprint. The CSR includes the server's public key, which enables server authentication and secure communication.
Note:
If the keystore file or the password is lost and a new one is generated, the SSL certificate and the private key will no longer match. A new SSL Certificate will have to be requested.The CSR is created by running the following command in the bin directory of the JRE:
keytool -certreq -alias alias –file certreq_file -keystore keystoreIn the above command,
- alias is used to identify the public and private key pair. The private key associated with the alias will be utilized to create the CSR. Specify the alias of the key pair created in the previous step.
- certreq_file is the file in which the CSR will be stored.
- keystore is the location of the keystore containing the public and private key pair.
Example:
Listed below is the result of a sample execution of the command.
D:\Oracle\Weblogic11g\jrockit_160_05_R27.6.2-20\bin>keytool -certreq - alias cvrhp0729 -file D:\keystores\certreq.csr -keystoreD:\keystores\FCUBSKeyStore.jksEnter keystore password:[Enter the password used to access the keystore]
Enter key password for <cvrhp0729>
(RETURN if same as keystore password):[Enter the password used to access the key in the keystore]