Quick Guide to Generate a CSR Through Java KeyStore for a Java Code Signing Certificate
A Java code signing certificate is important to avoid annoying warning messages like “Unknown Publisher” or “Application Blocked by Java Security” and to protect your brand reputation. Java Code Signing Certificates from trusted CAs (like Sectigo) allow developers to sign all types of java applications, applets, and JAR files to help users know that application is from a trusted source.
What Is a Certificate Signing Request?
After you purchase a Java Code Signing certificate, you’ll need to undergo a certain process to get your certificate issued. One of the first steps you’ll need to complete is to generate a CSR file. Creating a CSR will export two different files:
- One is provided to the CA during enrollment—it includes your public key and organization details.
- The other file is the private key, which is kept with the applicant and shouldn’t be shared with anyone. It’s required later, during the installation/signing process.
Before you move ahead with generating a CSR, be sure that you’ve installed JDK (Java Development Kit) on the server or local computer you’re using.
Here’s How to Generate a CSR for a Java Code Signing Certificate Through Java KeyStore
Follow the instructions below to create a Java Keystore File and CSR.
Command Prompt Instructions With Java Keytool
For making a keystore and key file, run the below command:
keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore keystore.jks
When Prompted, Fill Below Information:
Enter keystore password:
Re-enter new password:
What is your first and last name?
What is the name of your organization unit?
What is the name of your organization?
What is the name of your City or Locality?
What is the name of your State or Province?
What is the two-letter country code for this unit?
Is CN = CompanyName or Firstname Lastname, OU=DeparmentName, O=CompanyName, L=City, ST=State, C=CountryCode correct?
Enter key password for :
Once you add all the requested information, your Java keystore file called keystore.jks will be created.
Prompt for CSR
For creating a CSR through the keystore, run the below command:
keytool -certreq -alias server -file csr.csr -keystore keystore.jks
Now, enter your keystore password
The keystore password you enter here is the same you entered in step 2.
Once you complete the above steps, a CSR, along with the private key, will be created and saved as a .jks file and a .csr file.
Now, all you’re left to do is generating an order so you can move further. For that, follow the below steps:
- Copy that newly generated CSR and copy it from beginning till the end:
—–BEGIN NEW CERTIFICATE REQUEST—- and
—–END NEW CERTIFICATE REQUEST—–
- Login to your account (where you purchased your certificate.)
- Find your incomplete order.
- Now, click the button Generate Certificate.
- Now, select Create a link option.
- Click on the link.
- For Code Signing Certificate Type, select the option Java.
- Paste your generated CSR.
- Now, complete the other enrollment process.
- Your Order Number has been generated.
Once you complete your validation process and get your Java Code Signing certificate issued, you can proceed further to complete validation and issue your certificate.
Regardless of where you purchased your Java code signing certificate from, you can generate a CSR through Java Keystore using the above steps. Also, once you’re done generating CSR, you’ll be required to provide all the required information according to the CA’s guidelines for verifying your organization, such as organization registration details.