...
The results show 1 entry with the alias name mywebservices which contains a single element, a self-signed certificate which is soley there to generate the CSR.
Generate the CSR (Certificate Service Request)
In this step we generate the request for the SSL certificate.
| Code Block | ||
|---|---|---|
| ||
# Generate the CSR (Certificate Service Request)
keytool -certreq -keyalg RSA -alias mywebservices -file mywebservices.csr -keystore mywebservices.bin
# It is important that the cert files be in the webapps directory
mv mywebservices.* /opt/apache-tomcat-6.0.18/webapps/ |
Now submit your mywebservices.csr to the CA (Certificate Authority).
Note: There is usally a web form to fill out in this step as you upload the contents. One note here is that if you are creating a public website you should choose a cert type that supports an alias. As such your cert will then be able to support the base domain name and the base domain prefixed by www. For example, you generate the certificate with the name "mywebservice.myapp.mycompany.com" and as you fill in the form you should use "www.mywebservice.myapp.mycompany.com"
Your CA will return a certificate (your keystore file signed by the CA). Depending on the signer they may use different names so it can be confusing. For example the Entrust CA calls your certificate the "Webserver Certificate" even though in this example we are putting this on an application server. In our example we are provided the CA signed certificate as plain text which we then store in a text file calling it mywebservices-signe.cer. Here is what the contents of the plain text might look like,