Create and Submit a Certificate Signing Request

This procedure uses the Java keytool utility to create a Certificate Signing Request (CSR) from an existing keystore.

Before you begin

To create and submit a Certificate Signing Request

  1. Run keytool with the -certreq option to generate a Certificate Signing Request (CSR) in PKCS#10 format. For example:

    keytool -v -certreq -alias gateway -providername BCFIPS -providerclass org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath ../bc-fips-1.0.1.jar -keystore newkeystore.bcfks -file cert_request.csr -ext ExtendedkeyUsage=serverAuth -storetype BCFKS

  2. Enter your keystore password when prompted.

  3. You will see a message saying that the certificate request has been saved to the file you specified (cert_request.csr in this example).

  4. Submit this CSR to your CA. You will need the contents of the CSR file. Open the file in a text editor. The contents should include a header and footer with encoded data between them. When you submit the request, copy the entire file, including the BEGIN and END lines.

    -----BEGIN CERTIFICATE REQUEST-----

    <encoded data>

    -----END CERTIFICATE REQUEST-----
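
Added example, not part of the original procedure or of keytool: a shell function that checks the file from step 4 is one complete PEM-framed request (BEGIN line, base64 body, END line) before you paste it into the CA's form. The name check_csr_pem is hypothetical; the check covers framing only and does not verify the request's signature.

```shell
#!/bin/sh
# Added example: sanity-check a PEM-encoded PKCS#10 request before submission.
# check_csr_pem is a hypothetical helper name, not a keytool feature.
# Usage: check_csr_pem cert_request.csr

BEGIN_LINE='-----BEGIN CERTIFICATE REQUEST-----'
END_LINE='-----END CERTIFICATE REQUEST-----'

# Returns 0 if the file looks like one complete PEM CSR; otherwise prints the
# reason to stderr and returns 1 (bad content) or 2 (unreadable file).
check_csr_pem() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

    # Strip CRs and blank lines so an editor round-trip does not matter.
    clean=$(tr -d '\r' < "$file" | sed '/^[[:space:]]*$/d')

    first=$(printf '%s\n' "$clean" | sed -n '1p')
    last=$(printf '%s\n' "$clean" | sed -n '$p')
    [ "$first" = "$BEGIN_LINE" ] || { echo "missing BEGIN line" >&2; return 1; }
    [ "$last" = "$END_LINE" ] || { echo "missing END line (truncated copy?)" >&2; return 1; }

    # Exactly one PEM block per file.
    n=$(printf '%s\n' "$clean" | grep -c -- '^-----BEGIN ')
    [ "$n" -eq 1 ] || { echo "expected 1 PEM block, found $n" >&2; return 1; }

    # The body must be non-empty and contain only base64 characters.
    body=$(printf '%s\n' "$clean" | sed '1d;$d' | tr -d '\n')
    [ -n "$body" ] || { echo "empty body" >&2; return 1; }
    case $body in
        *[!A-Za-z0-9+/=]*) echo "non-base64 characters in body" >&2; return 1 ;;
    esac

    # A DER-encoded request is an ASN.1 SEQUENCE (tag 0x30), and base64 of
    # any data starting with 0x30 begins with 'M'.
    case $body in
        M*) return 0 ;;
        *) echo "body does not start with an ASN.1 SEQUENCE" >&2; return 1 ;;
    esac
}
```

To review the subject and requested extensions before submitting, `keytool -printcertreq -file cert_request.csr` prints the decoded request.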