This procedure uses the Java keytool utility to create a Certificate Signing Request (CSR) from an existing keystore.
Before you begin
You need to know the keystore name, password, and alias you used when you created the keystore.
To create and submit a Certificate Signing Request
Use the -certreq option to generate a certificate request. This generates a Certificate Signing Request, using the PKCS#10 format. For example:
keytool -v -certreq -alias gateway -keystore newkeystore.jks -file cert_request.csr -ext ExtendedkeyUsage=serverAuth -storetype JCEKS
Enter your keystore password when prompted.
You will see a message saying that the certificate request has been saved to the file you specified (cert_request.csr in this example).
Submit this CSR to your CA. You will need the contents of the CSR file. Open the file in a text editor. The contents should include a header and footer with encoded data between them. When you submit the request, copy the entire file, including the BEGIN and END lines.
-----BEGIN CERTIFICATE REQUEST-----
<encoded data>
-----END CERTIFICATE REQUEST-----