Generate a Certificate Signing Request (CSR)


Follow these instructions to generate a CSR for your Web site. When you
have completed this process, click the “close” button below to close this
window and continue to the next step.

If you are not using JDK 1.4 or higher, you must download and install
"Java Secure Socket Extensions" JSSE.

1. Generate a private key with the following command:

$JAVA_HOME/bin/keytool -genkey
-alias tomcat -keyalg RSA -keystore /path/to/domainname.kdb

You will be prompted for a password.
Tomcat uses a default password of "changeit". If you use a different
password, you will need to specify a custom password in the server.xml
configuration file.

The next field that you will be
prompted for is "What is your first and last name?" At this
prompt, you must specify the common name (FQDN) of your web site.

You will then be prompted for your
organizational unit, organization, etc.

.2. Generate the Certificate Signing
Request (CSR)

$JAVA_HOME/bin/keytool -certreq
-alias tomcat -keystore /path/to/keystore.kdb -file filename.csr

You will not be prompted for the common
name, organization, etc. The keytool will use the values that you specify when
generating the private key.

3. Copy the Certificate Signing Request and send to Equifax.
(Go through steps for purchasing a certificate and paste
your certificate request in block when prompted)

**** Be sure to include —–BEGIN NEW CERTIFICATE REQUEST—–

4. Make a backup of the keystore.kdb key database. GeoTrust is not responsible
if your server crashes and this file is lost.