Generate a CSR (certificate signing request) for an SSL certificate
Generate a CSR using Java Keytool
The Java Keytool is a command line tool which generates public key / private key pairs and stores them in a Java KeyStore. The
keytool executable is distributed with the Java SDK (or JRE). To execute it, open a command line (cmd, console, shell etc.). and change directory to the bin directory.
keytool and press Enter for a set of commands and assorted instructions.
Create a New Keystore
Use the keytool command to create your new key-CSR pairing. Enter the following:
keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore yourdomain.jks
‘Yourdomain’ is the name of the domain you are securing. Confirm that the information is correct by entering ‘yes’ when prompted.
Next you will be asked for your password to confirm.
Generate a CSR with your New Keystore
keytool to create the CSR by entering the following:
keytool -certreq -alias server -keyalg RSA -file yourdomain.csr -keystore yourdomain.jks
Enter the keystore password.
Microsoft Management Console [Windows]
Add certificate(s) to MMC
In your Windows search feature, enter mmc. Click it to launch the Microsoft Management Console application.
From File, click Add/Remove Snap-in.
Click Certificates and then click Add.
Select Computer account, and then click Next.
Select Local computer, and then click Finish.
Generate CSR and private key
From the left-hand menu in the MMC, expand Certificates (Local Computer) and then Personal. Right-click Certificates and navigate to the following menus: All Tasks > Advanced Operations > Create Custom Request.
Click Active Directory Enrollment Policy.
From Template, click Web Server. Make sure that the Request format is PKCS #10 and click Next.
Click the downward-facing arrow next to Details and then select Properties.
Navigate to the Subject tab. From the Type menu, select the following values, enter the relevant values and select Add. For example:
Common name: URL [
Organization: Your Organization
Click the General tab and enter a Friendly name for the certificate.
Go to the Private Key tab. From the Key options drop-down, select Make private key exportable. Click OK and then click Next.
Browse for the location where you want to save the file. Enter a File Name and click Finish.