In order to create a new CSR, we should have a keystore file. Please follow Step A only if you need to create a new Keystore. If you already have a Keystore file you can jump to Step B
Please follow the below procedure mentioned:
Step A -- Create a new Keystore
1. Keytool command is used to create and manage a Keystore file. You may need to add the java /bin/ directory to your PATH before the keytool command is recognized. When you are ready to create your keystore go to the directory where you plan to manage your Keystore and certificates. Enter the following command in command prompt:
keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -keystore your_site_name.keystore
2. You will be prompted to choose a password for your keystore. You will then be prompted to enter your Organization information.
3. When it asks for first and last name, this is NOT your first and last name, but rather it is your Fully Qualified Domain Name for the site you are securing (example: www.yourdomain.com). If you are ordering a Wildcard Certificate this must begin with the * character.
4. After you have completed the required information confirm that the information is correct by entering 'y' or 'yes' when prompted and then enter
5. Next you will be asked for key password for tomcat. Make sure to keep it same as keystore password i.e. press Enter.
6. Your keystore file named your_site_name.keystore is now created in your current working directory.
Step B-- Generate a new CSR from Keystore.
1. Use keytool to create the Certificate Signing Request (CSR) from your Keystore. Enter the following commands in the command prompt:
keytool -certreq -alias tomcat -file csr.txt -keystore your_site_name.keystore
keytool -certreq -alias tomcat -file your_site_name.csr -keystore your_site_name.keystore
2. Type the keystore password that you chose earlier and hit Enter.
3. Your CSR file named csr.txt is now created in your current directory. Send the CSR to the vendor from whom you plan to purchase the SSL certificate.
4. Be careful to save the keystore file (your_site_name.keystore) as your certificates will be installed to it later.