Product Documentation

    The default location of the Java Keystore generated during the StrongKey Tellaro KeyAppliance installation is in following folder. This will be referred to as GLASSFISH_CONFIG.

    usr/local/strongauth/payara5/glassfish/domains/domain1/config/

     

    There are two options when generating the CSR. If you intend to use or are interested in using Subject Alternative Names, then continue to the "Subject Alternative Names (SAN)" section. If you do not intend to use Subject Alternative Names, then continue with this section.

     

    Generate a new Certificate Signing Request (CSR) from the existing Java keystore. certreq.csr represents the file name of the CSR.

    keytool -certreq -alias s1as -keyalg RSA -file certreq.csr -keystore GLASSFISH_CONFIG/keystore.jks

     

    When asked for the password to the keystore, use the password that was given to the keystore when it was generated in the StrongKey Tellaro KeyAppliance install script. By default, the password is “changeit”. After creating the certificate signing request, it can now be sent to an external CA to be signed.

     

    In order to view the CSR, use this command:

    keytool -printcertreq -file certreq.csr

    The results should look like this:

    PKCS #10 Certificate Request (Version 1.0)
    Subject: CN=test.strongkey.com, OU=StrongAuth KeyAppliance, O=StrongKey
    Format: X.509
    Public Key: 2048-bit RSA key
    Signature algorithm: SHA256withRSA

    Extension Request:

    #1: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: 2D A1 F4 90 5A 07 41 A0   BA B8 E7 36 BE 3A 33 6C   -...Z.A....6.:3l
    0010: 7D A9 5E F7                                         ..^.
    ]
    ]

     Once the Certificate Signing Request is generated, send it to your Certificate Authority service provider to have it signed. Upon receiving the signed certificate, continue on to "Importing the Certificate (JKS)".