Sun Java System WS is a Java-based web server, so it means that CSR generation can be performed in two ways: using SJS web interface (Server Certificate Wizard) or using shell commands (keytool).
To generate CSR via the Sun Java System WebServer certificate wizard, follow the steps below:
Select a configuration from the configuration list for which you need to install the certificate. Configuration name can be either your domain name, a hostname or a server name (e.g. localhost if created and addressed in LAN only)
After the configuration is selected, click Next.
Select the token (Cryptographic Device) which contains the keys. A security token (or sometimes authentication token, USB token, cryptographic token, software token) may be a physical device that an authorized user of computer services is given to ease authentication. Choose “internal” as the private key must be stored on the server only.
Selecting other than “internal” will cause the private key to be saved elsewhere preventing the certificate from further installation.
In this form, data embedded in the signing request should be filled. Use only alphanumeric characters. Otherwise, the CSR can be rejected by a Certificate Authority. Note that:
Server Name (CN): the domain that you would like to have the certificate for (FQDN only). For Wildcard certificate, use *.example.com. More information can be found here.
Organization (O): your company legal business name - necessary for Organization Validation and Extended Validation certificates (for Domain Validation - ‘NA’ can be used)
Locality (L): the city you or your company is situated in.
State (ST): state or province.
Country (C): name of your country and two-digit ISO compliant country code that can be chosen from the drop-down list.
After the form is filled, click Next.
Here, you are required to provide the key information. For key type, you can choose RSA or ECC. If the key type is RSA, the key size should be at least 2048 (standard recommended key size). If your key type is ECC, you will also need to select a curve.
For further details about ECC (ECDSA cryptographic algorithm), refer to this article.
You can choose those curves from the dropdown: prime256v1 (elliptic curve), secp384r1 (elliptic curve) or secp521r1. However, keep in mind that curve 521 is not supported by Chromium engine - SSL certificates will show errors in Chromium-based browsers.
More information can be found here.
Select the Certificate Signing Authority (CSA) for the certificate (Self-signed or CA signed). Select CA signed only.
Your generated CSR can be used during the activation. The activation guide can be found here.
After that, the issued certificate can be installed using this guide.
II. Using keytool utility.
To generate a CSR using keytool, you need to:
keytool -genkey -alias < keystore alias > -keyalg RSA -keysize 2048 -keystore < keystore name > .jks -storepass < keystore password >
keystore alias, keystore name, keystore password should be replaced with your own details.
Default keystore alias is mykey, keystore name is keystore.jks, and the password - chageit.
keytool -certreq -alias < keystore alias > -file < your CSR file name >.csr -keystore < keystore name >.jks
You can open that file using Notepad or TextEdit or using a shell text editor like nano or vi. Use the CSR in the certificate activation.
The issued certificate can be installed with the help of this guide.