Generate CSR for SAN Certificate – Tomcat

This article walks you through the step-by-step procedure to generate a CSR for a SAN certificate (multiple domains) on a Tomcat server.

Important Note: You need Java 7, because its keytool supports adding a SAN (Subject Alternative Name) to certificates. Previous versions of Java do not support this, and you will receive an “illegal option: -ext” error when you run keytool with -ext.

1. Open Cmd

2. Navigate to the Java 7 installation directory. In my case the server is Windows 2008 and the installation directory is ‘C:\Program Files\Java\jre7\bin’

3. Execute

keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore e:\ssl_key\hackandsecure -ext san=dns:www.hackandsecure.com

  • Specify any alias name, here I specified ‘server’
  • Keysize must be specified; otherwise keytool will generate a 1024-bit key, which doesn't meet the minimum requirement
  • For the question “What is your first and last name?”, enter the domain name that you need the certificate for, not your actual first and last name!

4. After entering all the details, you will notice that the keystore is created in the e:\ssl_key folder

5. Now generate CSR.

keytool -certreq -alias server -file e:\ssl_key\hackandsecure.csr -keystore e:\ssl_key\hackandsecure

Notice that I have used another domain name whi
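
Added example (not from the original article): a cmd batch script that passes -ext to -certreq as well, because keytool only writes into the CSR the extensions given on the -certreq command line, and then uses keytool -printcertreq to confirm that every expected name is in the request before it is sent to the CA. The keystore path, CSR path and alias are the ones used in the steps above; the second DNS name is a constructed placeholder.

```batch
@echo off
rem Added example: create the CSR with the SAN list, then verify it.
setlocal

set "KS=e:\ssl_key\hackandsecure"
set "CSR=e:\ssl_key\hackandsecure.csr"
set "REPORT=%TEMP%\csr_report.txt"

rem second.example.com is a constructed placeholder for the extra domain.
set "SAN=dns:www.hackandsecure.com,dns:second.example.com"
set "NAMES=www.hackandsecure.com second.example.com"

rem Repeat -ext here: the SAN given to -genkey only ends up in the
rem self-signed certificate stored in the keystore, not in the CSR.
keytool -certreq -alias server -file "%CSR%" -keystore "%KS%" -ext san=%SAN%
if errorlevel 1 (
  echo keytool -certreq failed
  exit /b 1
)

rem -printcertreq decodes the CSR; SAN entries are printed as "DNSName: <name>".
keytool -printcertreq -file "%CSR%" > "%REPORT%"
if errorlevel 1 (
  echo keytool -printcertreq failed
  exit /b 1
)

rem Check every expected name; report all missing ones, not just the first.
set MISSING=0
for %%N in (%NAMES%) do (
  findstr /i /c:"DNSName: %%N" "%REPORT%" >nul
  if errorlevel 1 (
    echo MISSING from CSR: %%N
    set MISSING=1
  )
)

if %MISSING%==1 (
  echo CSR is incomplete - do not submit it to the CA.
  exit /b 1
)
echo All SAN entries are present in %CSR%
```

Run it from the Java 7 bin directory (or with keytool on PATH); keytool prompts for the keystore password during the -certreq step.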
