The Java EE 5 Tutorial

Obtaining a Digitally Signed Certificate

    This example assumes that the keystore is named keystore.jks, the certificate file is server.cer, and the CA file is cacerts.jks. To get your certificate digitally signed by a CA:

  1. Generate a Certificate Signing Request (CSR).

    keytool -certreq -alias server-alias -keyalg RSA -file csr-filename 
    -keystore cacerts.jks
  2. Send the contents of the csr-filename for signing.

  3. If you are using Verisign CA, go to Verisign will send the signed certificate in email. Store this certificate in a file.