Resolution
NOTE: A key length of 1024 bit is the default, but Thawte recommends the use of a 2048 bit key.
If the request is intended for an Extended Validation certificate or a certificate with a validity period beyond December 31, 2013, the 2048 bit key length will need to be selected.
To generate a CSR for Jetty Java HTTP Servlet Web Server follow the instructions below:
- 1. Generate a Keystore and a Keyentry (Private Key):
Using the JDK Tool, Keytool, used by Protekt.
keytool -genkey -keyalg RSA -keystore [keystore_name_here] -alias [keyentry_name_here]
Choose a password for the Keystore and enter it when prompted to do so.
Enter keystore password: password
What is your first and last name? [Unknown]: www.yourdomainnamehere.com
What is the name of your organizational unit? [Unknown]: Your Organizational Unit Here
What is the name of your organization? [Unknown]: Your Organization Name Here
What is the name of your City or Locality? [Unknown]: Your City or Locality Here
What is the name of your State or Province? [Unknown]: Your State or Province Here
What is the two-letter country code for this unit? [Unknown]: US
Is CN=www.yourdomainnamehere.com, OU=Your Organizational Unit Here, O=Your Organization Name Here, L=Your City or Locality Here, ST=Your State or Province Here, C=US correct? [no]: yes
Enter key password for <keyentry_name_here>
(RETURN if same as keystore password):
You can either specify the same password you set on the keystore or specify a different password.
NOTE: A Keystore and a Keyentry has just been created. The Keystore will be stored in your JDK/bin directory (used by Protekt).
Create a copy of the Keystore file and store it on a removable disk for safe keeping in case of a server crash.
Please run the following command to make sure that you can read the file and view the Keyentry:
keytool -list -keystore [keystore_name_here] - Backup Keystore file:
To backup the keystore file with the keyentry just created, please refer to the following solution: SO1871 - Generate a CSR off the Keyentry:
keytool -certreq -Keystore [Keystore_name_here] -alias [Keyentry_name_here] -file [csr_name_here]
Enter keystore password: password
Locate the CSR file as you will require it in the step that follows. - Submit the CSR to our online enrollment process:
To submit your CSR for a Certificate through the Retail Channel, please see the following solution: SO4555
To submit your CSR for a Certificate through the SPKI Program, please see the following solution: SO457
To submit your CSR for a Certificate through the ISP Program, please see the following solution: SO446 - Download issued Certificate in PKCS#7 Format:
When you receive the Certificate, copy and paste it in a Notepad file and name the file. For example: 'jetty_thawtecert'
For instructions on how to import the Certificate into the Keystore, please see the following solution: SO1622