Certificate Signing Request (CSR)

Table of contents

1. Generate using Java Keytool
   1. Generate new keystore
   2. Generate CSR
   3. (Optional) Extract PEM file from keystore
      1. Create p12 file
      2. Create pem file

---

Generate using Java Keytool

Generate new keystore

keytool -genkey -keyalg rsa -keysize 2048

# To use basic info
keytool -genkey -keyalg rsa -keysize 2048 \
-dname "cn=${yourdomain}, o=default, c=us" \
-keystore ${keystore_name}.keystore

${yourdomain} must match exactly the domain name written in the SSL.

Change keyalg in all commands if you want to use a different algorithm.

Generate CSR

keytool -certreq -keyalg rsa -file ${csr_name}.csr -keystore ${keystore_name}.keystore

(Optional) Extract PEM file from keystore

Create p12 file

keytool -importkeystore -srckeystore ${keystore_name}.keystore \
-destkeystore ${keystore_name}.p12 -deststoretype PKCS12

Create pem file

openssl pkcs12 -in ${keystore_name}.p12 -nodes -nocerts -out ${keystore_name}.pem