
Generating a CSR on Sun Java System Web Server 7.x

Sun Java System Web Server is a Java-based web server, so a CSR can be generated in two ways: through the SJS web interface (Server Certificate Wizard) or from the shell with keytool.

I. Wizard

II. Keytool

I. Wizard.

To generate a CSR via the Sun Java System Web Server certificate wizard, follow the steps below:

  1. Click the Server Certificates tab > Request button.
  2. Select Configuration.

    From the configuration list, select the configuration for which you need to install the certificate. The configuration name can be your domain name, a hostname or a server name (e.g. localhost if created and addressed in LAN only).

    After the configuration is selected, click 'Next'.

  3. Select Tokens

    Select the token (Cryptographic Device) which contains the keys. A security token (sometimes called an authentication token, USB token, cryptographic token or software token) may be a physical device that an authorized user of computer services is given to ease authentication. Choose 'internal', as the private key must be stored on the server only.
    Selecting anything other than 'internal' will cause the private key to be saved elsewhere, which prevents the certificate from being installed later.
    Click 'Next'.

  4. Enter Details

    In this form, fill in the data that will be embedded in the signing request. Use only alphanumeric characters; otherwise, the CSR can be rejected by a Certificate Authority. Note that:

    Server Name (CN): the domain that you would like to have the certificate for (FQDN only). For Wildcard certificate, use *.example.com. More information can be found here.

    Organization (O): your company legal business name - necessary for Organization Validation and Extended Validation certificates (for Domain Validation - 'NA' can be used)

    Locality (L): the city you or your company is situated in.

    State (ST): state or province.

    Country (C): name of your country and two-digit ISO compliant country code that can be chosen from the drop-down list.

    After the form is filled in, click 'Next'.

  5. Choose Certificate Options

    Here, you are required to provide the key information. For key type, you can choose RSA or ECC. If the key type is RSA, the key size should be at least 2048 (standard recommended key size). If your key type is ECC, you will also need to select a curve.

    For further details about ECC (ECDSA cryptographic algorithm), refer to this article.

    You can choose one of these curves from the drop-down list: prime256v1 (elliptic curve), secp384r1 (elliptic curve) or secp521r1. However, keep in mind that curve 521 is not supported by the Chromium engine, so SSL certificates will show errors in Chromium-based browsers.
    More information can be found here.

  6. Select Certificate Type

    Select the Certificate Signing Authority (CSA) for the certificate (Self-signed or CA signed). Select CA signed only.

  7. Click "Next", then press "Finish".
    You should be provided with a Certificate Signing Request in base64-encoded text format.

    Your generated CSR can be used during the activation.

    After that, the issued certificate can be installed using this guide.

II. Using keytool utility.

To generate a CSR using keytool, you need to:

  1. Run the following command in your CLI (command line interface):

    keytool -genkey -alias <keystore alias> -keyalg RSA -keysize 2048 -keystore <keystore name>.jks -storepass <keystore password>

    Replace keystore alias, keystore name and keystore password with your own details.

    The default keystore alias is mykey, the keystore name is keystore.jks, and the password is changeit.

  2. Keytool will ask for the information needed for CSR generation. Fill in the required information as explained earlier, and the key will be created along with the entered data.
  3. Run the next command to generate the CSR for the certificate activation:

    keytool -certreq -alias <keystore alias> -file <your CSR file name>.csr -keystore <keystore name>.jks

  4. After executing this command and entering the keystore password, the CSR can be found in the .csr file.

    You can open that file using Notepad or TextEdit or using a shell text editor like nano or vi. Use the CSR in the certificate activation.

    The issued certificate can be installed with the help of this guide.
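
The keytool steps above can also be run without prompts. The script below is an added example, not part of the original article: it checks the subject fields against the rules from the "Enter Details" step, passes them with -dname, and prints the finished CSR for review. The function names build_dname and generate_csr, the KS_PASS variable and the file name make_csr.sh are assumptions made for this example.

```shell
#!/bin/sh
# Added example: the two keytool steps, run without prompts.

# Build the -dname value, rejecting fields a CA is likely to refuse.
build_dname() {
    cn=$1; o=$2; l=$3; st=$4; c=$5
    # CN must be an FQDN; a leading "*." is allowed for a wildcard certificate.
    printf '%s' "$cn" | grep -Eq '^(\*\.)?([A-Za-z0-9-]+\.)+[A-Za-z]{2,}$' ||
        { echo "CN is not an FQDN: $cn" >&2; return 1; }
    # O, L and ST: alphanumeric characters (and spaces) only.
    for v in "$o" "$l" "$st"; do
        printf '%s' "$v" | grep -Eq '^[A-Za-z0-9 ]+$' ||
            { echo "non-alphanumeric value: $v" >&2; return 1; }
    done
    # C: ISO country code, two upper-case letters.
    printf '%s' "$c" | grep -Eq '^[A-Z]{2}$' ||
        { echo "bad country code: $c" >&2; return 1; }
    printf 'CN=%s, O=%s, L=%s, ST=%s, C=%s' "$cn" "$o" "$l" "$st" "$c"
}

# generate_csr ALIAS KEYSTORE CSR_FILE DNAME  (password taken from $KS_PASS)
generate_csr() {
    key_alias=$1; keystore=$2; csr=$3; dname=$4
    [ -n "${KS_PASS:-}" ] || { echo "export KS_PASS first" >&2; return 1; }
    # -storepass:env reads the password from the environment, so it does
    # not show up in the process list like a literal -storepass value.
    keytool -genkey -alias "$key_alias" -keyalg RSA -keysize 2048 \
        -dname "$dname" -keystore "$keystore" \
        -storepass:env KS_PASS -keypass:env KS_PASS || return 1
    keytool -certreq -alias "$key_alias" -file "$csr" \
        -keystore "$keystore" -storepass:env KS_PASS || return 1
    # Show subject and key details for a final check before submission.
    keytool -printcertreq -file "$csr"
}

# Usage: KS_PASS=... sh make_csr.sh ALIAS KEYSTORE CSR_FILE CN O L ST C
if [ "$#" -eq 8 ]; then
    dname=$(build_dname "$4" "$5" "$6" "$7" "$8") || exit 1
    generate_csr "$1" "$2" "$3" "$dname"
fi
```

The keystore written by this script holds the private key, so keep it on the server and restrict its file permissions.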