CSR Generation Instruction - Java Web Server
An Important Note Before You Start
By far the most common problem users have when going through this process is related to private keys. If you lose or cannot access a private key, you cannot use the certificate we issue to you and will need to request a free reissue. To ensure this never happens, we advise that a backup of the private key file is made and that a note is made of the password that is used to protect the export of the private key.
To generate a CSR in Java Web Server follow the instructions below:
1. At the command line, go to the server root directory, and then change down to subdirectory bin. Run the command authstore.
2. Use the ImportCA button to import the Thawte CA root keys. The root certificate is located at the following link: http://www.wosign.com/Root/index.htm
After you install the CA Root you should shutdown your server and restart your workstation.
3. Now use the Create button to generate a self-signed certificate. Note: Default parameters are suggested for the first key generated. You will need to fill out following information:
Fully qualified hostname
The domain name of the server, for example, www.mycompany.com , as it will appear in the secure URL. It is important that what you put here is in the URL's that link to your server.
Your department within your company, such as Marketing
Your full organization or company name
The city where your company is located, such as Redmond or Toronto.
State or region
For example Washington, Alberta, California, and so on. Within the USA your two letter state code is adequate.
Two letter country code
Two letter ISO Country designation, for example, US, CA, AU, UK, and so on. Make sure that both letters are in UPPER CASE.
4. You will need to provide a passphrase for use whenever you decrypt the data in the keystore.
5. Now use the Request button to generate a "Certificate Signing Request" (CSR). Take the CSR and submit it through our forms-based interface here.
6. Please take note of your passphrase and back up your new keys at
If you do not do this, you risk an extra fee if this key is lost, or cannot be accessed.
7. After your certificate is issued, get the certificate in "Standard Format", and use Import button in authstore to import this new certificate into your Java Web Server. Restart your server.
Start the certificate request process
To submit the CSR to WoSign for processing you should start the certificate enrollment process.