NOTE: A key length of 1024 bit is the default, but Thawte recommends the use of a 2048 bit key.
If the request is intended for an Extended Validation certificate or a certificate with a validity period beyond December 31, 2013, the 2048 bit key length will need to be selected. 

To generate a CSR for Jetty Java HTTP Servlet Web Server follow the instructions below: 

  1. 1. Generate a Keystore and a Keyentry (Private Key):

    Using the JDK Tool, Keytool, used by Protekt.
    keytool -genkey -keyalg RSA -keystore [keystore_name_here] -alias [keyentry_name_here]
    Choose a password for the Keystore and enter it when prompted to do so.
    Enter keystore password:  password
    What is your first and last name?  [Unknown]:
    What is the name of your organizational unit?  [Unknown]:  Your Organizational Unit Here
    What is the name of your organization?  [Unknown]:  Your Organization Name Here
    What is the name of your City or Locality?  [Unknown]:  Your City or Locality Here
    What is the name of your State or Province?  [Unknown]:  Your State or Province Here
    What is the two-letter country code for this unit?  [Unknown]:  US
    Is, OU=Your Organizational Unit Here, O=Your Organization Name Here, L=Your City or Locality Here, ST=Your State or Province Here, C=US correct? [no]: yes
    Enter key password for <keyentry_name_here>
    (RETURN if same as keystore password):
    You can either specify the same password you set on the keystore or specify a different password.
    NOTE: A Keystore and a Keyentry has just been created. The Keystore will be stored in your JDK/bin directory (used by Protekt).
    Create a copy of the Keystore file and store it on a removable disk for safe keeping in case of a server crash.
    Please run the following command to make sure that you can read the file and view the Keyentry:
    keytool -list -keystore [keystore_name_here]

  2. Backup Keystore file:
    To backup the keystore file with the keyentry just created, please refer to the following solution: SO1871
  3. Generate a CSR off the Keyentry:
    keytool -certreq -Keystore [Keystore_name_here] -alias [Keyentry_name_here] -file [csr_name_here] 
    Enter keystore password:  password
    Locate the CSR file as you will require it in the step that follows.
  4. Submit the CSR to our online enrollment process:
    To submit your CSR for a Certificate through the Retail Channel, please see the following solution: SO4555
    To submit your CSR for a Certificate through the SPKI Program, please see the following solution: SO457
    To submit your CSR for a Certificate through the ISP Program, please see the following solution: SO446
  5. Download issued Certificate in PKCS#7 Format:
    When you receive the Certificate, copy and paste it in a Notepad file and name the file. For example: 'jetty_thawtecert'
    For instructions on how to import the Certificate into the Keystore, please see the following solution: SO1622
Was this answer helpful? 0 Users Found This Useful (0 Votes)