3.3.2 Generate CSR

To purchase an SSL certificate, one needs to generate a Certificate Signing Request (CSR) for the server where the certificate will be installed.

A CSR is generated from the server and is the server's unique "fingerprint." The CSR includes the server's public key, which enables server authentication and secure communication.

Note:

If the keystore file or the password is lost and a new one is generated, the SSL certificate and the private key will no longer match. A new SSL Certificate will have to be requested.

The CSR is created by running the following command in the bin directory of the JRE:

keytool -certreq -alias alias –file certreq_file -keystore keystore

In the above command,

Table 3-4 Description of Placeholders

Placeholder	Description
alias	alias is used to identify the public and private key pair. The private key associated with the alias will be utilized to create the CSR. Specify the alias of the key pair created in the previous step.
certreq_file	certreq_file is the file in which the CSR will be stored.
keystore	keystore is the location of the keystore containing the public and private key pair.

For example,

The result of a sample execution of the command is listed below:

D:\Oracle\Weblogic11g\jrockit_160_05_R27.6.2-20\bin>keytool -certreq -alias cvrhp0729 -file D:\keystores\certreq.csr -keystore D:\keystores\AdminOBREMOKeyStore.jks

Enter keystore password:[Enter the password used to access the keystore]

Enter key password for <cvrhp0729>[Enter the password used to access the key in the keystore]