The default location of the Java Keystore generated during the StrongKey Tellaro KeyAppliance installation is in following folder. This will be referred to as GLASSFISH_CONFIG.
usr/local/strongauth/payara5/glassfish/domains/domain1/config/
There are two options when generating the CSR. If you intend to use or are interested in using Subject Alternative Names, then continue to the "Subject Alternative Names (SAN)" section. If you do not intend to use Subject Alternative Names, then continue with this section.
Generate a new Certificate Signing Request (CSR) from the existing Java keystore. certreq.csr represents the file name of the CSR.
keytool -certreq -alias s1as -keyalg RSA -file certreq.csr -keystore GLASSFISH_CONFIG/keystore.jks
When asked for the password to the keystore, use the password that was given to the keystore when it was generated in the StrongKey Tellaro KeyAppliance install script. By default, the password is “changeit”. After creating the certificate signing request, it can now be sent to an external CA to be signed.
In order to view the CSR, use this command:
keytool -printcertreq -file certreq.csr
The results should look like this:
PKCS #10 Certificate Request (Version 1.0)
Subject: CN=test.strongkey.com, OU=StrongAuth KeyAppliance, O=StrongKey
Format: X.509
Public Key: 2048-bit RSA key
Signature algorithm: SHA256withRSA
Extension Request:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 2D A1 F4 90 5A 07 41 A0 BA B8 E7 36 BE 3A 33 6C -...Z.A....6.:3l
0010: 7D A9 5E F7 ..^.
]
]
Once the Certificate Signing Request is generated, send it to your Certificate Authority service provider to have it signed. Upon receiving the signed certificate, continue on to "Importing the Certificate (JKS)".