Sun Java System WS is a Java-based web server, so it means that CSR generation can be performed in two ways: using SJS web interface (Server Certificate Wizard) or using shell commands (keytool).
To generate CSR via the Sun Java System WebServer certificate wizard, follow the steps below:
- Click Server Certificates tab >> Request button.
- Select Configuration.
Select a configuration from the configuration list for which you need to install the certificate.
Configuration name can be either your domain name, a hostname or a server name (e.g. localhost if created and addressed in LAN only)
After the configuration is selected, click Next.
- Select Tokens.
Select the token (Cryptographic Device) which contains the keys. A security token (or sometimes authentication token, USB token, cryptographic token, software token) may be a physical device that an authorized user of computer services is given to ease authentication. ?hoose “internal” as the private key must be stored on the server only.
Selecting other than “internal” will cause the private key to be saved elsewhere preventing the certificate from further installation.
- Enter Details.
In this form, data embedded in the signing request should be filled. Use only alphanumeric characters. Otherwise, the CSR can be rejected by a Certificate Authority. Note that:
Server Name (CN): the domain that you would like to have the certificate for (FQDN only). For Wildcard certificate, use *.example.com. More information can be found here.
Organization (O): your company legal business name - necessary for Organization Validation and Extended Validation certificates (for Domain Validation - ‘NA’ can be used)
Locality (L): the city you or your company is situated in.
State (ST): state or province.
Country (C): name of your country and two-digit ISO compliant country code that can be chosen from the drop-down list.
After the form is filled, click Next.
- Choose Certificate Options.
Here, you are required to provide the key information. For key type, you can choose RSA or ECC. If the key type is RSA, the key size should be at least 2048 (standard recommended key size). If your key type is ECC, you will also need to select a curve.
For further details about ECC (ECDSA cryptographic algorithm), refer to this article.
You can choose those curves from the dropdown: prime256v1 (elliptic curve), secp384r1 (elliptic curve) or secp521r1. However, keep in mind that curve 521 is not supported by Chromium engine - SSL certificates will show errors in Chromium-based browsers.
More information can be found here.
- Select Certificate Type.
Select the Certificate Signing Authority (CSA) for the certificate (Self-signed or CA signed). Select CA signed only.
- Once Next is clicked, press Finish.
You should be provided with a Certificate Signing Request in base64-encoded text format.
Your generated CSR can be used during the activation. The activation guide can be found here.
After that, the issued certificate can be installed using this guide.