This article will describe the process of generating a CSR code for the GlassFish instance using the “keytool” utility. Basically, one will need to create a keystore with a private key firstly, and then based on the keystore, a CSR code can be generated.
To create a keystore, the following command can be used:
keytool -genkey -keysize 2048 -keyalg RSA -alias [your_alias] -keystore [your_keystore].jks
[your_alias] and [your_keystore] parameters should be replaced with custom values in order to identify the keystore file in future:
Let’s take a look at the questions asked during the process:
NOTE: The password of the newly created keystore must match the Glassfish master password, since the master password is used to access the certificate keystore. The default master password is “changeit” and can be changed with the help of the “change-master-password” subcommand.
If the information specified in all the fields is correct, type in “yes” as the answer to the prompted question and press Enter. When the key password is asked, enter the new password to protect the private key inside the keystore or just press Enter to leave the key password the same as the keystore password.
Once the keystore and private key are generated, the CSR code can be created using the following command:
keytool -certreq -alias [your_alias] -file [your_csr].csr -keystore [your_keystore].jks
Make sure that you specify the same values as in the previous command for [your_alias] and [your_keystore] parameters. [your_csr] should be changed to a custom value as well. When the command above is executed, [your_csr].csr file will be created. You can open it in a text editor or in the command prompt and use the plain text code enclosed with ------BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST----- tags for the certificate activation.