How do I generate a CSR in Tomcat using Keytool?


How do I generate a CSR in Tomcat using Keytool?


In most cases, Tomcat relies on a Java KeyStore file (*.jks) to store the Root Certificate, Intermediate Certificate, Private, and Public key.  This file acts as a certificate container or a mini version of a certificate root store. 

The easiest way to create the Java KeyStore file (and corresponding CSR/private key) is to use Java Keytool, using command line.  To make the process easier on you, QuoVadis provides a tool within its PKI Widgets web site to create custom command lines for Keytool.

The QuoVadis Java Keytool Command Tool can be found at

Complete the form found on this page and then click on the Generate Command button.

A new page will load with a Command Line: field that has been populated with the script you will need to run.

Highlight the entire command and paste it into your terminal.

Note: This command will only work on a terminal that has the Keytool command available.  In most cases, this will be your server; however there can be instances where Java is installed locally on a user machine.  If Java Keytool is installed on your user machine then be sure to keep track of the Java KeyStore file for future installation.

When the process completes, Java Keytool will create two files: *.jks (your keystore file) and *.csr (your Certificate Signing Request).

Once you have received these files, you should submit the CSR to QuoVadis.

Add Feedback