How to generate a CSR code on Tomcat using keytool

  CSR generation instructions

In order to generate the CSR code on Tomcat, you can use keytool commands.

First, you need to create a keystore that will contain the private key.

Open up a command line interface and run the following command:

keytool -genkey -keysize 2048 -keyalg RSA -alias tomcat -keystore yourkeystore.jks

You are free to use any custom alias and a keystore name.

You will be asked to enter a password for the keystore. Remember this password for later use. The default value is *changeit*.

After that you will be asked the following questions:

What is your first and last name?enter the *fully qualified domain name* you want to secure with the SSL certificate (ex.: or
What is the name of your organizational unit? – provide the name of a division or department within the organization. For Domain Validation certificates you can enter ‘NA’.
What is the name of your organization? – provide the officially registered name for your business.
What is the name of your City or Locality? – provide the complete name of your city or locality. Please do not use abbreviations.
What is the name of your State or Province? – provide the complete name of your state or region.
What is the two-letter country code for this unit? – enter two-letter code of your country (uppercase).

Then you will be asked if the information you submitted is correct:
Is, OU=Your Organizational Unit, O=Your Organization, L=Your City, ST=Your State, C=Your Country correct?

Please type ‘y’ or ‘yes’ to confirm everything is correct.

After the keystore with the private key is generated, you can use the following command to generate the CSR code:

keytool -certreq -keyalg RSA -alias tomcat -file example.csr -keystore example.jks

You will be prompted to enter keystore password.

Now you have a file called example.csr with the certificate signing request. You can open it with any text editor, copy the content including —–BEGIN CERTIFICATE REQUEST—– and —–END CERTIFICATE REQUEST—– headers and submit it for activation of the certificate purchased with us.

After the certificate is issued, follow the steps from this article to install the SSL certificate on your Tomcat server.