Generate a Certificate Signing Request (CSR)
Jakarta-Tomcat
Follow these instructions to generate a CSR for your Web site.
When you have completed this process, click the "close" button below
to close this window and continue to the next step.
If you are not using JDK 1.4 or higher, you must download and install
"Java Secure Socket Extensions" JSSE.
- Generate a private key with the following command:
$JAVA_HOME/bin/keytool -genkey -alias
tomcat -keyalg RSA -keystore /path/to/domainname.kdb
You will be prompted for a password.
Tomcat uses a default password of "changeit". If you use
a different password, you will need to specify a custom password
in the server.xml configuration file.
The next field that you will be prompted
for is "What is your first and last name?" At this prompt,
you must specify the common name (FQDN) of your web site.
You will then be prompted for your organizational
unit, organization, etc.
- Generate the Certificate Signing
Request (CSR)
$JAVA_HOME/bin/keytool -certreq -alias
tomcat -keystore /path/to/keystore.kdb -file filename.csr
You will not be prompted for the common
name, organization, etc. The keytool will use the values that you
specify when generating the private key.
- Copy the Certificate Signing Request and send to Equifax.
(Go through steps for purchasing a certificate and paste
your certificate request in block when prompted)
**** Be sure to include -----BEGIN NEW CERTIFICATE REQUEST-----
and -----END NEW CERTIFICATE REQUEST-----
- Make a backup of the keystore.kdb key database. GeoTrust is
not responsible if your server crashes and this file is lost.
Certificate Replacement Policy
GeoTrust
will replace, revoke, and refund certificates that have been issued
within seven (7) days of the certificate issue date. If you need
a new certificate after seven days, you will be responsible for
purchasing a new server certificate.
|
