PKI Tutorials - Herong's Tutorial Examples - Version 2.10, by Dr. Herong Yang
Generating a CSR (Certificate Signing Request)
This section provides a tutorial example on how to generate a CSR (Certificate Signing Request) using the JDK 'keytool' command.
Following the tutorial in the previous section, Amy is ready for the next step:
Step 2 - Amy needs to use a tool to generate a CSR (Certificate Signing Request). I will ask her to use the JDK 'keytool' command do this.
Amy runs the 'keytool' command shown below:
>keytool -certreq -alias amy@xyz.com -keystore amy.jks -storepass AmyJKS -file amy_xyz_com.csr
Amy opens her CSR file in a text editor:
-----BEGIN NEW CERTIFICATE REQUEST----- MIICdTCCAjMCAQAwcDEQMA4GA1UEBhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93bj... BxMHVW5rbm93bjEQMA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEUMB... YW15QHh5ei5jb20wggG4MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS30qcLu... 70QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv8mZgt2uZUKWkn5... u6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOuK2HXKu/yIgMZndFIAc... FSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps93su8q1w2uFe5eZSvu/o66oL5V0wLPQ... 1FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+i... JDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhQACgYEA77VmLkWcKM... 80M6tw9hHl0MjW11jdrWrJ7is+BiXi0gRhzMZ92//UL+dpBWTlm/ndaIv6TOFIlQwM... o821h9b21OAOzUrtMT79gW6uUsoqc+zqagPNo89MUpcE7PqX8EO601f4bzmINFHBpE... ADALBgcqhkjOOAQDBQADLwAwLAIUXTSPMHfumn233o7iZ1o0sAR8bSICFBGkTVLqYY... FSTGHW8G -----END NEW CERTIFICATE REQUEST-----
Amy sends me her CSR file via email.
Done. Amy waits for me to verify her identity and issue her personal certificate.
Last update: 2011.
Table of Contents
Introduction of PKI (Public Key Infrastructure)
Introduction of HTTPS (Hypertext Transfer Protocol Secure)
Using HTTPS with Google Chrome
Using HTTPS with Mozilla Firefox
HTTPS with IE (Internet Explorer)
Perl Scripts Communicating with HTTPS Servers
PHP Scripts Communicating with HTTPS Servers
Java Programs Communicating with HTTPS Servers
Windows Certificate Stores and Console
.NET Programs Communicating with HTTPS Servers
CAcert.org - Root CA Offering Free Certificates
►PKI CA Administration - Issuing Certificates
Requesting and Signing Personal Certificate
Generating a Private-Public Key Pair for Amy
►Generating a CSR (Certificate Signing Request)
Verifying Requester's Email Address
Exporting a Private Key from a KeyStore File
Signing a CSR into a Certificate
Importing Certificate Reply Back to KeyStore
"bad decrypt:./crypto/evp/evp_enc.c:461" Error
Requesting and Signing Server Certificate
Comodo Free Personal Certificate
Digital Signature - Microsoft Word
Digital Signature - OpenOffice.org 3