picture of tbs certificates
picture of tbs certificates
Our products range

Generate a CSR for Tomcat

NOTE: the following instructions can be applied if your Tomcat is compiled with JSSE. Tomcat latest versions can use Apache APR library: in that case, follow the instructions Generate a CSR for Apache. To make sure you are using APR, look for the "TOMCAT/bin/tcnative-1.dll" dll under Windows; the "" libraries under Linux and the "" in "TOMCAT/native/lib". If so, then APR is available.

Do not ever use an existing keystore file: create a new one
keytool -genkey -keyalg RSA -keysize 2048 -alias tomcat -keystore [keystorename]
Define a password for your keystore. Then fill in the fields:

Whatyour first and last name?
What is the name of your organizational unit?
  [Unknown]:  test
What is the name of your organization?
  [Unknown]:  Your organization name
What is the name of your City or Locality?
  [Unknown]:  Paris
What is the name of your State or Province?
  [Unknown]:  Paris
What is the two-letter country code for this unit?
  [Unknown]:  FR

Is, OU=test, O=Your organization name, L=Paris, ST=Paris, C=FR correct?
  [no]:  yes
Define a password for this key, press ENTER to use the same password you defined for your keystore:

Enter key password for <keystorename>
The keystore has been created. Check with:

keytool -list -keystore [keystorename]
Make a backup copy of you keystore created in the JDK/bin directory or in the current directory.

2- Generate a CSR

keytool -certreq -alias tomcat -keyalg  RSA -file mon.csr -keystore [keystorename]

Enter Keystore password:
The CSR will be stored in JDK/bin and will look like:


3- Finalize the order process

  • Use the appropriate link to place your order on our website. See Access an order form
  • Copy/Paste the content of the file my.csr in the form.

Useful links