Articles in Root

How do I generate a CSR for JBOSS using Keytool?


How do I generate a CSR in JBOSS using Keytool?


In most cases, JBOSS relies on a Java KeyStore file (*.jks) to store the Root Certificate, Intermediate Certificate, Private, and Public key.  This file acts as a certificate container or a mini version of a certificate root store.

The easiest way to create the Java KeyStore file (and corresponding CSR/private key) is to use Java Keytool, using command line.  To make the process easier on you, QuoVadis provides a tool within its PKI Widgets web site to create custom command lines for Keytool.

The QuoVadis Java Keytool Command Tool can be found at

Complete the form found on this page and then click on the Generate Command button.

A new page will load with a Command Line: field that has been populated with the script you will need to run.

Highlight the entire command and paste it into your terminal.

Note: This command will only work on a terminal that has the Keytool command available.  In most cases, this will be your server; however there can be instances where Java is installed locally on a user machine.  If Java Keytool is installed on your user machine then be sure to keep track of the Java KeyStore file for future installation.

When the process completes, Java Keytool will create two files: *.jks (your keystore file) and *.csr (your Certificate Signing Request).

Individual Commands

If you wish to edit the commands yourself, then you can use the following commands:

keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore [Common Name].jks -dname "CN=[Common Name], OU=[organisationunit], O=[organisation], L=[town/city], ST=[state/province], C=[GB]"

keytool -certreq -alias server -file [Common Name].csr -keystore [Common Name].jks

The first command generates a new Java KeyStore file with a private key and the second command creates a CSR from the same private key.

Note: Each parameter in [ ] must be changed (excluding the [ ]) to match your scenario.  Example: -keystore [common name].jks could be -keystore

Once you have received these files, you should submit the CSR to QuoVadis.