CSR Creation for Tomcat Keystore SSL Certificates

If you already have your SSL Certificate and just need to install it, see
Tomcat Web Server SSL Certificate Installation.

How to generate a CSR in Tomcat with Keytool

**NOTE: You must generate a new keystore by following this process. If you try to install a new certificate to an old keystore your certificate will not work properly. Backup and remove any old keystores if necessary before beginning this process.

Recommended: Save yourself some time by using our new Java Keytool CSR Wizard to create your Tomcat SSL CSR. Just fill in the details, click Generate, and paste your customized keytool command into your terminal.

Preview of Keytool CSR Wizard

Of course if you prefer to build your own shell commands to generate your Tomcat CSR, just follow our old instructions below:

Create a New Keystore

  1. You will be using the keytool command to create and manage your new Keystore file. You may need to add the java /bin/ directory to your PATH before the keytool command is recognized. When you are ready to create your keystore go to the directory where you plan to manage your Keystore and certificates. Enter the following command:

    keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore your_site_name.jks

  2. You will be prompted to choose a password for your keystore. You will then be prompted to enter your Organization information.

    When it asks for first and last name, this is NOT your first and last name, but rather it is your Fully Qualified Domain Name for the site you are securing (example: www.yourdomain.com). If you are ordering a Wildcard Certificate this must begin with the * character. (example: *.yourdomain.com)

  3. After you have completed the required information confirm that the information is correct by entering 'y' or 'yes' when prompted. Next you will be asked for your password to confirm. Make sure to remember the password you choose.

    Your keystore file named your_site_name.jks is now created in your current working directory.

Generate a CSR from Your New Keystore

  1. Next, you will use keytool to create the Certificate Signing Request (CSR) from your Keystore. Enter the following command:

    keytool -certreq -alias server -file csr.txt -keystore your_site_name.jks

  2. Type the keystore password that you chose earlier and hit Enter.

  3. Your CSR file named csr.txt is now created in your current directory. Open the CSR with a text editor, and copy and paste the text (including the BEGIN and END tags) into the DigiCert web order form. Be careful to save the keystore file (your_site_name.jks) as your certificates will be installed to it later.

  4. After you receive your SSL Certificate from DigiCert, you can install it.

    See Tomcat Web Server SSL Certificate Installation.

Tomcat SSL Certificates, Guides, & Tutorials

Buy Now Learn More

Generating a CSR for Issuance of an SSL Certificate in Tomcat Keytool

How to generate an SSL Certificate Signing Request for your Tomcat Web Server.
Aprenda a hacer su CSR para Tomcat.

If you are ready to purchase your SSL Certificates, click the button above.