How do I generate a CSR for JBOSS using Keytool?

Problem

How do I generate a CSR in JBOSS using Keytool?

Solution

In most cases, JBOSS relies on a Java KeyStore file (*.jks) to store the root certificate, the intermediate certificate, and the private and public keys.  This file acts as a certificate container, or a mini version of a certificate root store.

The easiest way to create the Java KeyStore file (and the corresponding CSR and private key) is to run Java Keytool from the command line.  To make the process easier, QuoVadis provides a tool on its PKI Widgets web site that creates custom command lines for Keytool.

The QuoVadis Java Keytool Command Tool can be found at https://pkiwidgets.quovadisglobal.com/scriptgen/keytool.aspx.

Complete the form found on this page and then click on the Generate Command button.

A new page will load with a Command Line: field that has been populated with the script you will need to run.

Highlight and copy the entire command, then paste it into your terminal.

Note: This command will only work in a terminal that has the Keytool command available.  In most cases this will be your server; however, there can be instances where Java is installed locally on a user machine.  If you run Java Keytool on your user machine, be sure to keep track of the Java KeyStore file, because it contains the private key and will be needed for future installation.

When the process completes, Java Keytool will create two files: *.jks (your keystore file) and *.csr (your Certificate Signing Request).

Individual Commands

If you wish to edit the commands yourself, then you can use the following commands:

keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore [Common Name].jks -dname "CN=[Common Name], OU=[organisationunit], O=[organisation], L=[town/city], ST=[state/province], C=[GB]"

keytool -certreq -alias server -file [Common Name].csr -keystore [Common Name].jks

The first command generates a new Java KeyStore file with a private key and the second command creates a CSR from the same private key.

Note: Each parameter in [ ] must be changed (excluding the [ ]) to match your scenario.  Example: -keystore [Common Name].jks could be -keystore www.quovadisglobal.com.jks
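The script below is an added example, not QuoVadis code: it fills in the bracketed parameters of the two commands above, escapes commas in values such as an organisation name (keytool requires "\," inside -dname), and prints the finished CSR for review before submission. The function names and the chmod step are assumptions of this example.

```shell
#!/bin/sh
# Added example: wraps the article's two keytool commands.
# Function names and sample values are assumptions, not QuoVadis code.

# Escape characters keytool treats specially inside a DN value:
# backslash first, then comma (a literal comma must be written "\,").
escape_dn_value() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/,/\\,/g'
}

# build_dname CN OU O L ST C -> prints the string passed to -dname
build_dname() {
    [ "$#" -eq 6 ] || { echo "usage: build_dname CN OU O L ST C" >&2; return 2; }
    for v in "$@"; do
        [ -n "$v" ] || { echo "empty DN field" >&2; return 2; }
    done
    case "$6" in                       # C is a two-letter country code, e.g. GB
        [[:upper:]][[:upper:]]) ;;
        *) echo "country must be two upper-case letters" >&2; return 2 ;;
    esac
    printf 'CN=%s, OU=%s, O=%s, L=%s, ST=%s, C=%s' \
        "$(escape_dn_value "$1")" "$(escape_dn_value "$2")" \
        "$(escape_dn_value "$3")" "$(escape_dn_value "$4")" \
        "$(escape_dn_value "$5")" "$6"
}

# gen_csr CN OU O L ST C -> creates CN.jks and CN.csr in the current directory.
# No -storepass is given, so keytool prompts for the password and it does not
# end up in shell history or the process list.
gen_csr() {
    dname=$(build_dname "$@") || return 2
    ks="$1.jks"; csr="$1.csr"
    [ ! -e "$ks" ] || { echo "$ks already exists" >&2; return 1; }
    keytool -genkey -alias server -keyalg RSA -keysize 2048 \
        -keystore "$ks" -dname "$dname" || return 1
    chmod 600 "$ks"                    # the keystore holds the private key
    keytool -certreq -alias server -file "$csr" -keystore "$ks" || return 1
    keytool -printcertreq -file "$csr" # review subject and key size
}

# Runs only when arguments are supplied, e.g. (constructed sample values):
#   sh gencsr.sh www.example.com IT "Example, Inc." London London GB
if [ "$#" -gt 0 ]; then gen_csr "$@"; fi
```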

Once these files have been created, you should submit the CSR to QuoVadis.