Entrust Certificate Services Support Knowledge Base

Audience: General
Last Modified: 2012-09-07 15:39:46.0

TN 8425 - How do I generate a 2048 bit CSR using Java Keytool?

Question: How do I generate a 2048 bit CSR using Java Keytool?

Answer:

Before you can create your CSR, you need to create your Java keystore. Your Java keystore contains your private key.

Run the following command to create your 2048 bit Java keystore:

keytool -genkey -alias myalias -keyalg RSA –keysize 2048 -keystore c:\yoursite.keystore

Note the alias you use here to create the keystore. You will need to use this alias later when you install your certificate.

Please note: the below example applies to Entrust Certificate Services customers with the intended purpose of using an SSL/TLS certificate purchased from buy.entrust.net or our Certificate Management Service (CMS)

You will be prompted to enter your DN information for your CSR. When it asks for your first and last name, make sure you enter the FQDN of your site. Here is an example:

What is your first and last name?
  [Unknown]:  http://www.entrust.com/
What is the name of your organizational unit?
  [Unknown]:  IT
What is the name of your organization?
  [Unknown]:  Entrust Inc
What is the name of your City or Locality?
  [Unknown]:  Ottawa
What is the name of your State or Province?
  [Unknown]:  Ontario
What is the two-letter country code for this unit?
  [Unknown]:  CA
Is CN=www.entrust.com, OU=IT, O=Entrust Inc, L=Ottawa, ST=Ontario, C=CA correct?

  [no]:  yes


To create your CSR, run the following command:

keytool -certreq -keyalg RSA -alias myalias -file certreq.txt -keystore c:\yoursite.mykeystore

Affected Products:

  • Entrust Certificate Services Advantage Certificates Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services Extended Validation Certificate Units Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services SSL Mgmt Service Account - Non-Pooling Version Not Applicable ALL Platform Not Applicable
  • Entrust Certificate Services Standard Certificates Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services UC Certificates Version Not Applicable Language Not Applicable Platform Not Applicable
  • Entrust Certificate Services Wildcard Certificates Version Not Applicable Language Not Applicable Platform Not Applicable