3.3.2 Generate CSR
To purchase an SSL certificate, one needs to generate a Certificate Signing Request (CSR) for the server where the certificate will be installed.
Note:
If the keystore file or the password is lost and a new one is generated, the SSL certificate and the private key will no longer match. A new SSL Certificate will have to be requested.The CSR is created by running the following command in the bin directory of the JRE:
keytool -certreq -alias alias –file certreq_file
-keystore keystore
In the above command,
Table 3-4 Description of Placeholders
Placeholder | Description |
---|---|
alias |
alias is used to identify the public and private key pair. The private key associated with the alias will be utilized to create the CSR. Specify the alias of the key pair created in the previous step. |
certreq_file |
certreq_file is the file in which the CSR will be stored. |
keystore |
keystore is the location of the keystore containing the public and private key pair. |
For example,
The result of a sample execution of the command is listed below:
D:\Oracle\Weblogic11g\jrockit_160_05_R27.6.2-20\bin>keytool -certreq -alias
cvrhp0729 -file D:\keystores\certreq.csr -keystore
D:\keystores\AdminOBREMOKeyStore.jks
Enter keystore password:[Enter the password used to access the
keystore]
Enter key password for <cvrhp0729>[Enter the password used to access
the key in the keystore]