Entrust Datacard

Entrust Certificate Services Support Knowledge Base

Last Modified: 2017-04-10 14:21:33.0

How is a Keystore and Certificate Signing Request (CSR) generated using the Keytool utility?

Article Number: 46311

User-added image

Certificate Signing Request (CSR) Help
For Keytool Utility for Apache Tomcat and Java (Generic) Web Servers


This process is in two parts:
1) Create a Certificate Keystore
2) Generate the Certificate Signing Request

Part 1 of 2: Create a Certificate Keystore

keytool -genkey -alias <tomcat> -keyalg RSA –keysize 2048 -keystore <yourdomain.keystore>

Important:
! Always specify your keystore location when it is being created.
! If you are renewing your certificate, you must create a new key pair and keystore.
! Please use the same alias when creating your CSR and installing your certificate that you use to create your self-signed keystore.

As an example:

C:\> keytool -genkey -alias myalias -keysize 2048 -keyalg RSA -keystore c:\.mykeystore

Enter keystore password: password
What is your first and last name?
[Unknown]: www.testcertificates.com
What is the name of your organizational unit?
[Unknown]: Entrust CS
What is the name of your organization?
[Unknown]: Entrust
What is the name of your City or Locality?
[Unknown]: Ottawa
What is the name of your State or Province?
[Unknown]: Ontario
What is the two-letter country code for this unit?
[Unknown]: CA
Is CN=www.testcertificates.com, OU=Entrust CS, O=Entrust, L=Ottawa, ST=Ontario, C=CA correct?
[no]: yes

Enter key password for
(RETURN if same as keystore password):

Ensure that you take note of the password that is entered and use it when generating the CSR in Part 2.

Part 2 of 2: Generate the Certificate Signing Request

1.     keytool -certreq -keyalg RSA -alias <tomcat> -file certreq.csr -keystore <yourdomain.keystore>

Important:
! Please use the same alias when creating your CSR and installing your certificate that you use to create your self-signed keystore.

As an example:
C:\>keytool -certreq -keyalg RSA -alias myalias -file certreq.txt -keystore c:\.mykeystore
Enter keystore password:

  1. Paste this CSR into your Entrust enrollment submittal page. The CSR should look similar to this:

-----BEGIN NEW CERTIFICATE REQUEST-----

MIIBujCCASMCAQAwejELMAkGA1UEBhMCQ0ExEDAOBgNVBAgTB09udGFyaW8xDzANBgNVBAcTBk90

dGF3YTEQMA4GA1UEChMHRW50cnVzdDETMBEGA1UECxMKRW50cnVzdCBDUzEhMB8GA1UEAxMYd3d3

5w6T+q/f+wIDAQABoAAwDQYJKoZIhvcNAQEEBQADgYEAF+0hqAqXumz/vGrzGVhKHlnxd7HW3ezS

GIbIUcOy1YdDc/1ZCqRpu3utYIZ6welK++l+QjlbL6p5RJJETkkLKXjb/WVFajNuPl7Yob9pbwA7

JBrCCKbFj+kzDNbGhCR1RgFA9vQj5vob41Vj+k+TQchliuTLL9rFXNDHrtgTMtA=

-----END NEW CERTIFICATE REQUEST-----

If you have any questions or concerns please contact the Entrust Certificate Services support department for further assistance.

Hours of Operation:
Sunday 8:00 PM ET to Friday 8:00 PM ET 
North America (toll free): 1-866-267-9297 
Outside North America: 1-613-270-2680 (or see the list below) 
NOTE: It is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call.
 

CountryNumber
Australia0011 - 800-3687-7863
1-800-767-513
Austria00 - 800-3687-7863
Belgium00 - 800-3687-7863
Denmark00 - 800-3687-7863
Finland990 - 800-3687-7863 (Telecom Finland)
00 - 800-3687-7863 (Finnet)
France00 - 800-3687-7863
Germany00 - 800-3687-7863
Hong Kong001 - 800-3687-7863 (Voice)
002 - 800-3687-7863 (Fax)
Ireland00 - 800-3687-7863
Israel014 - 800-3687-7863
Italy00 - 800-3687-7863
Japan001 - 800-3687-7863 (KDD)
004 - 800-3687-7863 (ITJ)
0061 - 800-3687-7863 (IDC)
Korea001 - 800-3687-7863 (Korea Telecom)
002 - 800-3687-7863 (Dacom)
Malaysia00 - 800-3687-7863
Netherlands00 - 800-3687-7863
New Zealand00 - 800-3687-7863
0800-4413101
Norway00 - 800-3687-7863
Singapore001 - 800-3687-7863
Spain00 - 800-3687-7863
Sweden00 - 800-3687-7863 (Telia)
00 - 800-3687-7863 (Tele2)
Switzerland00 - 800-3687-7863
Taiwan00 - 800-3687-7863
United Kingdom00 - 800-3687-7863
0800 121 6078
+44 (0) 118 953 3088

TN8187

Affected Products:

  • Entrust Certificate Services 1 Year Advantage SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable