Create and Submit a Certificate Signing Request

This procedure uses the Java keytool utility to create a Certificate Signing Request (CSR) from an existing keystore.

Before you begin

To create and submit a Certificate Signing Request

  1. Use the -certreq option to generate a certificate request. This generates a Certificate Signing Request, using the PKCS#10 format. For example:

    keytool -v -certreq -alias filexpress -keystore newkeystore.jks -file cert_request.csr -ext ExtendedkeyUsage=serverAuth -storetype JCEKS

  2. Enter your keystore password when prompted.
  3. You will see a message saying that the certificate request has been saved to the file you specified (cert_request.csr in this example).
  4. Submit this CSR to your CA. You will need the contents of the CSR file. Open the file in a text editor. The contents should include a header and footer with encoded data between them. When you submit the request, copy the entire file, including the BEGIN and END lines.

    -----BEGIN CERTIFICATE REQUEST-----

    <encoded data>

    -----END CERTIFICATE REQUEST-----