Security configurationSet SSL/TLS in TomcatGenerate a certificate signing request (CSR)

Generate a certificate signing request (CSR)

  1. Create a new key-CSR pairing by entering the following command: 
    keytool -genkey -alias servercertificate -keyalg RSA -keysize 2048 -keystore servercert.jks
  2. Enter your DN information. When prompted to confirm, enter yes.
  3. Create a new CSR by entering the following password. 
    keytool -certreq -alias servercertificate -keyalg RSA -file yourdomain.csr -keystore servercert.jks
  4. Enter your keystore password.
  5. Send the CSR to your Certificate Authority (CA).
  6. Copy the servercert.jks file and rename the copy file as cacerts.jks.
  7. When you have received the cacert.pem and servercert.pem from your CA, run the following commands to import the certificates: 
    keytool -import -keystore cacerts.jks -alias cacert -file cacert.pem 

keytool -import -keystore servercert.jks -alias servercertificate -file servercert.pem