首页>技术支持>SSL证书请求文件(CSR)生成指南 - Jetty Java HTTP Servlet Web Server

SSL证书请求文件(CSR)生成指南 - Jetty Java HTTP Servlet Web Server

重要注意事项 An Important Note Before You Start


By far the most common problem users have when going through this process is related to private keys. If you lose or cannot access a private key, you cannot use the certificate we issue to you and will need to request a free reissue. To ensure this never happens, we advise that a backup of the private key file is made and that a note is made of the password that is used to protect the export of the private key.

To generate a CSR for Jetty Java HTTP Servlet Web Server follow the instructions below:

1. Generate a Keystore and a Keyentry (Private Key):

Using the JDK Tool, Keytool, used by Protekt.

keytool -genkey -keyalg RSA -keystore [keystore_name_here] -alias [keyentry_name_here]

Choose a password for the Keystore and enter it when prompted to do so.

Enter keystore password: password

What is your first and last name?

[Unknown]: www.yourdomainnamehere.com

What is the name of your organizational unit?

[Unknown]: Your Organizational Unit Here

What is the name of your organization?

[Unknown]: Your Organization Name Here

What is the name of your City or Locality?

[Unknown]: Your City or Locality Here

What is the name of your State or Province?

[Unknown]: Your State or Province Here

What is the two-letter country code for this unit?

[Unknown]: US

Is CN=www.yourdomainnamehere.com, OU=Your Organizational Unit Here, O=Your Organization Name Here, L=Your City or Locality Here, ST=Your State or Province Here, C=US correct?

[no]: yes

Enter key password for

(RETURN if same as keystore password):

You can either specify the same password you set on the keystore or specify a different password.

Note that a Keystore and a Keyentry has just been created. The Keystore will be stored in your JDK/bin directory (used by Protekt). Create a copy of the Keystore file and store it on a removable disk for safe keeping in case of a server crash.

Please run the following command to make sure that you can read the file and view the Keyentry:

keytool -list -keystore [keystore_name_here]

2. Backup Keystore file:

To backup the keystore file with the keyentry just created, please refer to the following the manual.

3. Generate a CSR off the Keyentry:

keytool -certreq -Keystore [Keystore_name_here] -alias [Keyentry_name_here] -file [csr_name_here]

Enter keystore password: password

Locate the CSR file as you will require it in the step that follows.

测试CSR和把CSR发给WoSign, Start the certificate request process

生成CSR后,建议您自己测试一下生成的CSR文件是否正确,请点击 这里 测试您的CSR文件。请把测试成功的CSR文件发给WoSign即可。请一定不要再动您的服务器,等待证书的颁发。

To submit the CSR to WoSign for processing you should start the certificate enrollment process.