Generate a Certificate Signing Request (CSR)
Guide to generating a certificate request (CSR) file


Jakarta-Tomcat

Follow these instructions to generate a CSR for your Web site.

If you are not using JDK 1.4 or higher, you must download and install the Java Secure Socket Extension (JSSE).


1. Generate a private key with the following command:

$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore /path/to/domainname.kdb

Note: /path/to/ is the directory where you save the domainname.kdb file, and domainname is the address of the web site that will use the SSL certificate.

You will be prompted for a password. Tomcat uses a default password of "changeit". If you use a different password, you will need to specify a custom password in the server.xml configuration file.

The next field that you will be prompted for is "What is your first and last name?" At this prompt, you must specify the common name (FQDN) of your web site, that is, the address of the site that will use the SSL certificate, for example secure.domainname.com.

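You will then be prompted for your organizational unit, organization, etc.
The organization name is your company's English name as it is displayed publicly on your web site. Users who click the lock icon at the lower right while visiting the site will see this organization name; if it does not match the company name displayed on your web site, it will undermine users' confidence.
You will then be prompted for the department name (in English), city, province and country (enter cn).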

2. Generate the Certificate Signing Request (CSR) with the following command:

$JAVA_HOME/bin/keytool -certreq -alias tomcat -keystore /path/to/keystore.kdb -file filename.csr

Note: /path/to/ is the directory where you saved the keystore.kdb file, and filename.csr is the file name of the CSR file.

You will not be prompted for the common name, organization, etc. keytool uses the values that you specified when generating the private key.

3. Copy the Certificate Signing Request and send it to WoTrust.
(Go through the steps for purchasing a certificate and paste your certificate request in the block when prompted.)

**** Be sure to include -----BEGIN NEW CERTIFICATE REQUEST-----
and -----END NEW CERTIFICATE REQUEST-----

Copy the generated CSR file, starting from and including "-----BEGIN NEW CERTIFICATE REQUEST-----" through and including "-----END NEW CERTIFICATE REQUEST-----". Then send the generated CSR file to us by e-mail: ssl[at]WoTrust.com.

4. Make a backup of the keystore.kdb key database. GeoTrust is not responsible if your server crashes and this file is lost.
Note: Be sure to back up the keystore.kdb and domainname.kdb files to another secure location, so that the private key is not lost if the system is reinstalled.
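
A pre-submission check for step 3 and a verified backup for step 4, as an added example that is not part of the original instructions. The function names `check_csr` and `backup_keystore` and all paths are assumptions of this example.

```shell
#!/bin/sh
# Added example: the function names and every path passed in are assumptions.

# check_csr FILE: succeed only if FILE is exactly one complete keytool CSR block.
check_csr() {
    csr=$1
    begin='-----BEGIN NEW CERTIFICATE REQUEST-----'
    end='-----END NEW CERTIFICATE REQUEST-----'
    [ -r "$csr" ] || { echo "cannot read $csr" >&2; return 1; }
    # Drop CRs, trailing blanks and empty lines that mail clients or editors add.
    body=$(tr -d '\r' < "$csr" | sed -e 's/[[:space:]]*$//' -e '/^$/d')
    [ "$(printf '%s\n' "$body" | sed -n '1p')" = "$begin" ] ||
        { echo "first line is not the BEGIN marker" >&2; return 1; }
    [ "$(printf '%s\n' "$body" | sed -n '$p')" = "$end" ] ||
        { echo "last line is not the END marker" >&2; return 1; }
    # Only base64 may sit between the markers; a second pasted block fails here.
    inner=$(printf '%s\n' "$body" | sed '1d;$d')
    [ -n "$inner" ] || { echo "request body is empty" >&2; return 1; }
    if printf '%s\n' "$inner" | grep -q '[^A-Za-z0-9+/=]'; then
        echo "non-base64 text between the markers" >&2
        return 1
    fi
}

# backup_keystore KEYSTORE DESTDIR: copy the keystore (it holds the private key)
# to DESTDIR with owner-only permissions, verify the copy, print its path.
backup_keystore() {
    src=$1
    destdir=$2
    [ -s "$src" ] || { echo "keystore $src is missing or empty" >&2; return 1; }
    dest=$destdir/$(basename "$src").bak
    ( umask 077 && mkdir -p "$destdir" && cp "$src" "$dest" ) || return 1
    chmod 600 "$dest" || return 1
    cmp -s "$src" "$dest" || { echo "backup differs from $src" >&2; return 1; }
    printf '%s\n' "$dest"
}

# Usage (paths are placeholders):
#   check_csr filename.csr && backup_keystore /path/to/keystore.kdb /mnt/backup
```

The check only validates the framing of the file; it does not parse the request, so the subject fields should still be reviewed before sending.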