Ask a Question

Advanced Search

Solution ID : SO3186

Last Modified : 05/02/2018

Generate Keystore and CSR for Java Code Signing Certificate


Java 2 Software Development Kit (SDK) is recommended for generating a Certificate Signing Request (CSR) file that is required for enrolling and purchasing a Java Code Signing certificate.  Ensure you are using version 1.6.x or above.

Download page at:  Java SE Downloads

Perform the following steps to create a Keystore and generate a Certificate Signing Request (CSR) file:

Step 1 - Create Keystore:

Run the following command to create a key pair that will be generated with the Keystore:

NOTE:  2048 bit keysize is required.  Also note the Alias name created within this Keystore will store the private key in which the Java Code Signing certificate, when issued, must install to.

keytool -genkey -keyalg rsa -keystore <path_and_create_a_KeystoreFilename> -alias <create_Aliasname> -keysize 2048

When prompted, create a password for the Keystore being generated.

NOTE:  This password being created cannot be reset nor retrieved.  If this password is lost or forgotten, a new Keystore would need to be generated.

A series of questions will be asked which pertain to the information the Java Code Signing certificate will be issued to:

What is your first and last name (Common Name)?
  [Unknown]:  <enter your company name>

What is the name of your organizational unit?
  [Unknown]:  <this is typically used for a department or an identifying name>

What is the name of your organization?
  [Unknown]:  <use the same company name from above>

What is the name of your City or Locality?
  [Unknown]:  <enter the city of your company>

What is the name of your State or Province?
  [Unknown]:  <do not abbreviate. spell out the state where your company resides>

What is the two-letter country code for this unit?
  [Unknown]:  <enter a two-letter country code>


Step 2 - Generate CSR from Keystore:

Run the following command to generate the CSR based off the Keystore created from Step 1:

keytool -certreq -keystore <path_and_KeystoreFilename_from_step1> -alias <Aliasname_from_step1> -file <path_and_create_CSRFilename>.csr

When viewing the CSR file, open the file using a plain text editor only (Notepad or Vi) for enrollment and purchasing the Java Code Signing certificate.

NOTE:  Thawte recommends that a duplicate copy of the Keystore file be created at this point in the case of any future issues with the Keystore.