"keytool -certreq" Command Examples - Certificate Signing Request

Q

How to use the "keytool -certreq" command? I have have created a new pair of public key and private key and want to send the public key to the certificate authority to sign it.

✍: FYIcenter.com

A

Here is an example of using "keytool -certreq" command to generate a Certificate Signing Request (CSR) for the public key stored in the default keystore file:

C:\Users\fyicenter>"\Program Files\java\jre7\bin\keytool" -certreq
-storepass FYIcenter -alias 2ndkey -file 2nd_cert_req.csr

C:\Users\fyicenter>type 2nd_cert_req.csr
-----BEGIN NEW CERTIFICATE REQUEST-----
MIICUTCCAg8CAQAwHDEaMBgGA1UEAxMRamFyLmZ5aWNlbnRlci5jb20wggG4MIIBLAYHKoZIzjgE
ATCCAR8CgYEA/X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow
9subVWzXgTuAHTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVU
E1oWkTL2dfOuK2HXKu/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps9
3su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbh
PBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVk
AUw7/s9JKgOBhQACgYEAjAAB3mnwz68kJTcwYKRXzEZIuYdOtdfmtSg3oORQptx7fyxyn3DqIrOM
UjwrvT0/c54Pz3yL7fDx1bgZYVgKtuynCoqG5+YkEObukeFB3xYgcP4XnWmFuTkQA/nZJu7HZTEt
20TzER2keDO5NmLBiyEp8UzsJcD6cmhYeM3aXCWgMDAuBgkqhkiG9w0BCQ4xITAfMB0GA1UdDgQW
BBRyXNJ31NA6uTOwG+74LYSHMlgr2zALBgcqhkjOOAQDBQADLwAwLAIUM8ShUKS7vw9pRhvVvTGe
kX8SpTgCFCabY3yhdzysTZORqqcJpKWLY1kk
-----END NEW CERTIFICATE REQUEST-----

What the "keytool -certreq" command shown above did for you:

  • Open the default keystore file in your home folder: C:\Users\fyicenter\.keystore.
  • Read the public key from the "PrivateKeyEntry" entry with alias of "2ndkey" in the keystore.
  • Put the public key in a Certificate Signing Request (CSR) and save it in a file of "2nd_cert_req.csr".

Note that the CSR file was saved in PEM format (Base64 encoded binary file).

2012-07-20, 7009👍, 0💬