1. Home
  2. Code Signing Certificate Support
  3. CSR Generation for Code Signing Certificates
  4. How to generate a Certificate Signing Request (CSR) via Java Keystore

How to generate a Certificate Signing Request (CSR) via Java Keystore

A CSR is encoded text that contains information about the certificate requester. This information includes, but is not limited to, the publisher name for the certificate (referred to as a “Common Name”), organization name (if applicable), and a contact email for the certificate. When creating a CSR it will export two files, these two files will be your CSR, which will be requested during enrollment, and a corresponding private key which should not be shared and will be required during installation.

Note: Before proceeding with the instructions below, confirm the Java Development Kit (JDK) is installed correctly on your server or local computer.

The following instructions will guide you through creating a Java Keystore File and CSR. If you already generated the CSR and received your trusted Code Signing Certificate, please click here for Code Signing downloading/exporting Instructions.

1. Run the Keystore prompt

To make a keystore and key file, run the command prompt below:

keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore keystore.jks

2. Enter the required information, when prompted

  • Enter keystore password:
  • Re-enter new password:
  • What is your first and last name?
  • What is the name of your organization unit?
  • What is the name of your organization?
  • What is the name of your City or Locality?
  • What is the name of your State or Province?
  • What is the two-letter country code for this unit?
  • Is CN = CompanyName or Firstname Lastname, OU=DeparmentName, O=CompanyName, L=City, ST=State, C=CountryCode correct?
  • Enter key password for <server>:

The above command will create a Java keystore file called keystore.jks

3. Run the CSR prompt

To make the CSR from the keystore, run the command prompt below:keytool -certreq -alias server -file csr.csr -keystore keystore.jks
Enter keystore password:

Note: The keystore password is the same password you created in step 2.

The above command will create the CSR and private key and saves as a .csr file and a .jks file.

4. Generate the order

  1. Copy the newly generated CSR and include the header —–BEGIN NEW CERTIFICATE REQUEST—- and footer —–END NEW CERTIFICATE REQUEST—– tags.
  2. Login to your account
  3. Locate your Incomplete Order
  4. Click Generate Cert Now
  5. Select the option to Create a link
  6. Click the link
  7. Select Java as your Code Signing Certificate Type
  8. Continue and paste in your CSR
  9. Complete the remaining enrollment steps
  10. Congrats! You now have an Order Number

 

After you complete the validation process and receive the trusted Code Signing Certificate from the issuing Certificate Authority, please click here and proceed to the next step of using our Code Signing Installation Instructions.

Updated on

Was this article helpful?

Related Articles