1. Preparation:
Tomcat on Windows: Create the folder C: \ keystore, open the command prompt, switch to the directory Java / bin (you should use the latest Java version)
Tomcat on Linux: You must open the SSH connection to the server with root user, create a directory containing the keystore:
mkdir /usr/local/ssl/keystore
2. Create Keystore
Go to the directory Java / bin and type the following command:
- Windows:
keytool -genkey -keyalg RSA -alias tomcat -keystore c:\keystore\server.jks -keysize 2048
- Linux:
keytool -genkey -keyalg RSA -alias tomcat -keystore /usr/local/ssl/keystore/server.jks -keysize 2048
When asked the password, enter changeit (twice)
When asked "What is your first and last name?" then type in the domain name to buy SSL, for example www.domain.com
When asked "What is the name của organizational unit?" then type the IT Center
When asked "What is the name của organization?" then type in the name of the company (select the English or Vietnamese name) in the business registration certificate of the company. Note entered correctly each character
When asked "What is the name của City or Locality?" then type in Ho Chi Minh (the city where the company business registration, unsigned)
When asked "What is the name của State or Province?" then type in Ho Chi Minh (the province where the company name registration business, unsigned)
When asked "What is the two-letter country code for this unit?" then type VN (write letters)
When asked "Is CN = www.tencongty.com, OU = IT Center, O = company name, L = Ho Chi Minh, Ho Chi Minh ST =, C = VN correct?" then type yes
When asked "Enter key password for" then type in changeit.
3. Create CSR
- Windows:
keytool -certreq -alias tomcat -file c:\keystore\certreq.csr -keystore c:\keystore\server.jks
- Linux:
keytool -certreq -alias tomcat -file /usr/local/ssl/keystore/certreq.csr -keystore /usr/local/ssl/keystore/server.jks
When asked to enter a password is changeit
The system was created for the keystore CSR.
Open Notepad or Wordpad file with CSR, copy all and paste this tool can check the CSR is valid and correct: https://cryptoreport.websecurity.symantec.com/checker/views/csrCheck. jsp
Send the CSR file to VietNamHost to register, or pasted into CSR position in the online SSL registration form on the web VietNamHost.
4. Storage Keystore
From this point, the directory /usr/local/ssl/keystore (or C:\keystore) should be stored carefully in order to install the SSL digital certificates after receiving from CA.
See Instructions for installing SSL Certificate on Tomcat.
Tomcat / Java CSR video walkthrough