To generate a Certificate Signing Request (CSR), you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match and a replacement has to be made.
BEA Weblogic 8.1 utilizes the java keytool command line utility to create the CSR and install the SSL certificate. GeoTrust recommends that you contact the BEA directly for additional information.
Step 1: Generate a Keystore and Private Key
NOTE: A key length of 1024 bit is the default, but GeoTrust recommends the use of a 2048 bit key.
- Create a certificate keystore and private key by executing the following keytool command:
Note: The keytool utility is located in your JDK’s “bin” directory
Note: For Extended Validation certificates or a certificate with a validity period beyond December 31, 2013 the key bit length must be 2048, add in the below command: -keysize 2048
keytool -genkey -alias <your_alias_name> -keyalg RSA -keystore <your_keystore_filename>
- Specify a password. The default value will be "changeit".
Step 2: Generate a CSR
The CSR is then created using the following command:
keytool -certreq -keyalg RSA -alias <your_alias_name> -file certreq.csr -keystore <your_keystore_filename>
Note: When generating a CSR, enter the domain of your website (i.e. www.geotrust.com) in the "first- and lastname" field.
To copy and paste the file certreq.csr into the enrollment form, open the file in a text editor that does not add extra characters (Notepad or Vi are recommended).
- Verify your installation with the GeoTrust Installation Checker