How do I use the Keytool tool to generate certificate KeyStore and certificate signing request files?

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

Note: This guidance applies to the following types of servers:

Apache Tomcat

Java Web Servers

When requesting a server certificate, the user needs to provide a certificate signing request file (CSR). A CSR file is an encrypted data file generated from your server that contains your company information and Web server information.

First, create a certificate KeyStore

Keytool-genkey-alias-keyalg rsa–keysize 2048-keystore

Important:

! When creating, you must develop your keystore location;

! If you are renewing your certificate, you must create a new key pair and keystore;

! Create your CSR and install your certificate, when you use it to create a self-signed keystore, use the same alias.

For example:

c:\> keytool-genkey-alias myalias-keysize 2048-keyalg rsa-keystore c:\.mykeystore

Enter KeyStore Password: password (Please enter the password to protect the certificate key)

What is your first and last name? Please enter a domain name, for example: www.etsec.com.cn

What is your organizational unit name? Please enter the unit name, such as: Beijing etsec Marvell Co.,ltd.

What is your organization's name? Please enter the department name, such as: IT Dept

What is the name of your city or region? Enter the name of the city, such as: Beijing

What is the name of your state or province? Enter the province name, such as: Beijing

What is the two-letter country code for the unit? China Please enter CN

cn=www.etsec.com.cn, ou= Beijing etsec, O=it, l= Beijing, st= Beijing, is c=cn correct? Enter Y

Enter the master password (if same as the KeyStore password, press ENTER): Press ENTER

Be sure to remember the password you entered, and note that when you generate a CSR, it is used in part 2nd.

Ii. generate a Certificate signing request (CSR)

1. Keytool-certreq-keyalg Rsa-alias-file Certreq.csr-keystore

Important:

! Create your CSR and install your certificate, when you use it to create a self-signed keystore, use the same alias.

For example:

C:\>keytool-certreq-keyalg Rsa-alias myalias-file Certreq.txt-keystore c:\.mykeystore

Enter KeyStore Password:

2. Open the Generate CSR file certreq.txt. This CSR file appears as follows:

-----BEGIN NEW Certificate REQUEST-----
Miibujccasmcaqawejelmakga1uebhmcq0exedaobgnvbagtb09udgfyaw8xdzanbgnvbactbk90
Dgf3yteqma4ga1uechmhrw50cnvzddetmbega1uecxmkrw50cnvzdcbduzehmb8ga1ueaxmyd3d3

5w6t+q/f+widaqaboaawdqyjkozihvcnaqeebqadgyeaf+0hqaqxumz/vgrzgvhkhlnxd7hw3ezs
Gibiucoy1yddc/1zcqrpu3utyiz6welk++l+qjlbl6p5rjjetkklkxjb/wvfajnupl7yob9pbwa7
Jbrcckbfj+kzdnbghcr1rgfa9vqj5vob41vj+k+tqchliutll9rfxndhrtgtmta=
-----End NEW Certificate REQUEST-----

Article Source: http://www.etsec.com.cn/service/guide/guide-ssl-141.html