How to generate a Certificate Signing Request (CSR) via Java Keystore

A CSR is encoded text that contains information about the certificate requester. This information includes, but is not limited to, the publisher name for the certificate (referred to as a "Common Name"), organization name (if applicable), and a contact email for the certificate. When creating a CSR it will export two files, these two files will be your CSR, which will be requested during enrollment, and a corresponding private key which should not be shared and will be required during installation.

Note: Before proceeding with the instructions below, confirm the Java Development Kit (JDK) is installed correctly on your server or local computer.

CSR Generation Instructions

The following instructions will guide you through creating a Java Keystore File and CSR. 

  1. To make a keystore and key file, run the command prompt below:

keytool -genkey -alias server -keyalg RSA -keysize 4096 -keystore keystore.jks

  1. Enter the required information, when prompted:
    • Enter keystore password:
    • Re-enter new password:
    • What is your first and last name?
    • What is the name of your organization unit?
    • What is the name of your organization?
    • What is the name of your City or Locality?
    • What is the name of your State or Province?
    • What is the two-letter country code for this unit?
    • Is CN = CompanyName or Firstname Lastname, OU=DeparmentName, O=CompanyName, L=City, ST=State, C=CountryCode correct?
    • Enter key password for <server>:
  2. The above command will create a Java keystore file called keystore.jks
  3. To make the CSR from the keystore, run the command prompt below:

keytool -certreq -alias server -file csr.csr -keystore keystore.jks
Enter keystore password:

Note: The keystore password is the same password you created in step 2.

  1. The above command will create the CSR and private key and saves as a .csr file and a .jks file.
  2. Copy the newly generated CSR and include the header -----BEGIN NEW CERTIFICATE REQUEST---- and footer -----END NEW CERTIFICATE REQUEST----- tags.
  3. Login to your account
  4. Locate your Incomplete Order
  5. Click Generate Cert Now
  6. Select the option to Create a link
  7. Click the link
  8. Select Java as your Code Signing Certificate Type
  9. Continue and paste in your CSR
  10. Complete the remaining enrollment steps
  11. Congrats! You now have an Order Number

After you complete the validation process and receive the trusted Code Signing Certificate from the issuing Certificate Authority, please proceed with the next step using our Code Signing signing Instructions.