
CSR generation on a GlassFish application server

This article describes how to generate a CSR code for a GlassFish instance using the 'keytool' utility. First, a keystore containing a private key is created; the CSR code is then generated from that keystore.

To create a keystore, the following command can be used:

keytool -genkey -keysize 2048 -keyalg RSA -alias [your_alias] -keystore [your_keystore].jks

The [your_alias] and [your_keystore] parameters should be replaced with custom values so that the keystore file can be identified in the future.

Let's take a look at the questions asked during the process:

  • Enter keystore password - this is the password to protect the keystore from tampering.
    NOTE: The password of the newly created keystore must match the GlassFish master password, since the master password is used to access the certificate keystore. The default master password is 'changeit' and can be changed with the help of the 'change-master-password' subcommand.
  • What is your first and last name - the domain name for the SSL certificate needs to be specified here - do not enter your own credentials.
  • What is the name of your organization unit - the name of the company department the certificate is going to be issued for. It can be, for example, 'IT', 'Sales', etc. or just 'NA'.
  • What is the name of your organization - the field for the company name. If there is no company, 'NA' can be entered.
  • What is the name of your City or Locality; what is the name of your State or Province; what is the two-letter country code for this unit - these fields should be filled in with the city name, state name and 2-letter country code respectively. The country code must comply with the ISO standards.

If the information specified in all the fields is correct, type 'yes' in answer to the confirmation prompt and press Enter. When prompted for the key password, enter a new password to protect the private key inside the keystore, or just press Enter to keep the key password the same as the keystore password.

Once the keystore and private key are generated, the CSR code can be created using the following command:

keytool -certreq -alias [your_alias] -file [your_csr].csr -keystore [your_keystore].jks

Make sure that you specify the same values as in the previous command for the [your_alias] and [your_keystore] parameters. [your_csr] should be changed to a custom value as well. When the command above is executed, the [your_csr].csr file will be created. You can open it in a text editor or in the command prompt and use the plain text code, including the enclosing -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST----- tags, for the certificate activation.
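
The two steps above can also be run without prompts, which avoids typos in the subject fields and lets the request be reviewed before submission. The script below is an added example, not part of the original article; the alias, file names, subject values and the KS_PASS variable are constructed placeholders, and -genkeypair is the current name of the -genkey option used above.

```shell
#!/bin/sh
# Added example: prompt-free form of the two keytool steps.
# Alias, file names, subject values and KS_PASS are constructed placeholders.

# Escape backslashes and commas so "Example, Inc." stays a single DN value.
dn_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/,/\\,/g'
}

# Build the -dname string from the answers keytool would otherwise prompt for.
# Args: CN (the domain name), OU, O, L, ST, C (two-letter country code)
build_dname() {
    case "$6" in
        [A-Za-z][A-Za-z]) ;;
        *) echo "country code must be two letters: $6" >&2; return 1 ;;
    esac
    printf 'CN=%s, OU=%s, O=%s, L=%s, ST=%s, C=%s' \
        "$(dn_escape "$1")" "$(dn_escape "$2")" "$(dn_escape "$3")" \
        "$(dn_escape "$4")" "$(dn_escape "$5")" "$6"
}

# Create the keystore and private key, write the CSR, then print it for review.
# Passwords come from the KS_PASS environment variable through keytool's
# ":env" modifier, which keeps them out of the command-line arguments.
make_csr() {
    ks_alias=$1; keystore=$2; csr=$3; dname=$4
    keytool -genkeypair -keysize 2048 -keyalg RSA -alias "$ks_alias" \
        -dname "$dname" -keystore "$keystore" \
        -storepass:env KS_PASS -keypass:env KS_PASS || return 1
    keytool -certreq -alias "$ks_alias" -file "$csr" \
        -keystore "$keystore" -storepass:env KS_PASS || return 1
    # Check the subject and key size before submitting the request.
    keytool -printcertreq -file "$csr"
}

# Runs only when invoked as:  KS_PASS=... sh make_csr.sh run
if [ "${1:-}" = "run" ]; then
    : "${KS_PASS:?set KS_PASS to the GlassFish master password}"
    dname=$(build_dname "www.example.com" "IT" "Example, Inc." \
        "Boston" "Massachusetts" "US") || exit 1
    make_csr "glassfish-ssl" "keystore.jks" "www_example_com.csr" "$dname"
fi
```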
