首页>技术支持>SSL证书请求文件(CSR)生成指南 - Jetty Java HTTP Servlet Web Server

SSL证书请求文件(CSR)生成指南 - Jetty Java HTTP Servlet Web Server

重要注意事项 An Important Note Before You Start

在生成CSR文件时同时生成您的私钥,如果您丢了私钥或忘了私钥密码,则颁发证书给您后不能安装成功!您必须重新生成私钥和CSR文件,免费重新颁发新的证书。为了避免此情况的发生,请在生成CSR后一定要备份私钥文件和记住私钥密码,最好是在收到证书之前不要再动服务器。

By far the most common problem users have when going through this process is related to private keys. If you lose or cannot access a private key, you cannot use the certificate we issue to you and will need to request a free reissue. To ensure this never happens, we advise that a backup of the private key file is made and that a note is made of the password that is used to protect the export of the private key.

To generate a CSR for Jetty Java HTTP Servlet Web Server follow the instructions below:

1. Generate a Keystore and a Keyentry (Private Key):

Using the JDK Tool, Keytool, used by Protekt.

keytool -genkey -keyalg RSA -keystore [keystore_name_here] -alias [keyentry_name_here]

Choose a password for the Keystore and enter it when prompted to do so.

Enter keystore password: password

What is your first and last name?

[Unknown]: www.yourdomainnamehere.com

What is the name of your organizational unit?

[Unknown]: Your Organizational Unit Here

What is the name of your organization?

[Unknown]: Your Organization Name Here

What is the name of your City or Locality?

[Unknown]: Your City or Locality Here

What is the name of your State or Province?

[Unknown]: Your State or Province Here

What is the two-letter country code for this unit?

[Unknown]: US

Is CN=www.yourdomainnamehere.com, OU=Your Organizational Unit Here, O=Your Organization Name Here, L=Your City or Locality Here, ST=Your State or Province Here, C=US correct?

[no]: yes

Enter key password for

(RETURN if same as keystore password):

You can either specify the same password you set on the keystore or specify a different password.

Note that a Keystore and a Keyentry has just been created. The Keystore will be stored in your JDK/bin directory (used by Protekt). Create a copy of the Keystore file and store it on a removable disk for safe keeping in case of a server crash.

Please run the following command to make sure that you can read the file and view the Keyentry:

keytool -list -keystore [keystore_name_here]

2. Backup Keystore file:

To backup the keystore file with the keyentry just created, please refer to the following the manual.

3. Generate a CSR off the Keyentry:

keytool -certreq -Keystore [Keystore_name_here] -alias [Keyentry_name_here] -file [csr_name_here]

Enter keystore password: password

Locate the CSR file as you will require it in the step that follows.

测试CSR和把CSR发给WoSign, Start the certificate request process

生成CSR后,建议您自己测试一下生成的CSR文件是否正确,请点击 这里 测试您的CSR文件。请把测试成功的CSR文件发给WoSign即可。请一定不要再动您的服务器,等待证书的颁发。

To submit the CSR to WoSign for processing you should start the certificate enrollment process.