11.3.2 Generate CSR
This topic provides information about generating the CSR
To purchase an SSL certificate, the user must generate the CSR for the server where the certificate will be installed.
A CSR is generated from the server and is the server's unique fingerprint. The CSR includes the server's public key, which enables server authentication and secure communication. If the keystore file or the password is lost and a new one is generated, the SSL certificate and the private key will no longer match. A new SSL Certificate will have to be requested.
The CSR is created by running the following command in the bin directory of the JRE:
keytool -certreq -alias alias –file certreq_file -keystore keystoreTable 11-10 Command Details
| Keyword | Description |
|---|---|
alias |
Used to identify the public and private key pair created.
The private key associated with the alias will be utilized to create the CSR. Specify the alias of the key pair created in the previous step. |
certreq_file |
It is the file in which the CSR will be stored. |
keystore |
It is the location of the keystore containing the public and private key pair. |
Listed below is the example of sample execution of the command:
D:\Oracle\Weblogic11g\jrockit_160_05_R27.6.2-20\bin>keytool -certreq -alias cvrhp0729 -file D:\keystores\certreq.csr -keystore
D:\keystores\AdminOBVAMKeyStore.jks
Enter keystore password: <Enter a password to protect the keystore>
Enter key password for <cvrhp0729>[Enter the password used to access the key in the keystore]