Using Keytool, follow these steps to generate a keystore and CSR on your server.

To Generate a Keystore and CSR in Tomcat

1. Enter the following command into keytool to create a keystore:
        keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore tomcat.keystore

1. Enter a Password. The default is changeit.
2. Enter Distinguished Information:
   • First and Last Name — The fully-qualified domain name, or URL, you’re securing. If you are requesting a Wildcard certificate, add an asterisk (*) to the left of the common name where you want the wildcard, for example *.coolexample.com.
   • Organizational Unit — Optional. If applicable, you can enter the DBA name in this field.
   • Organization — The full legal name of your organization. The listed organization must be the legal registrant of the domain name in the certificate request. If you are enrolling as an individual, please enter the certificate requestor’s name in Organization, and the DBA (doing business as) name in Organizational Unit.
   • City/Locality — Name of the city in which your organization is registered/located — do not abbreviate.
   • State/Province — Name of state or province where your organization is located — do not abbreviate.
   • Country Code — The two-letter International Organization for Standardization (ISO) format country code for where your organization is legally registered.
3. Enter the following command into keytool to create a CSR:
   keytool -certreq -keyalg RSA -alias tomcat -file csr.csr -keystore tomcat.keystore
4. Enter the Password you provided in Step 2.
5. Open the CSR file, and copy all of the text, including
   ----BEGIN NEW CERTIFICATE REQUEST----and----END CERTIFICATE REQUEST----
6. Paste all of the text into the online request form and complete your application.

After you submit the application, we begin vetting your request. You will receive an email with more information when this process is complete.