WoSign技术支持：Tomcat 和 J2EE Application Server Web服务器SSL证书的证书请求文件(CSR)生成指南

首页

产品简介

产品价格

服务器SSL证书产品

SGC超真SSL

超真SSL

超快SSL

代码签名证书产品

客户端数字证书产品

PKI(CA)托管产品

超管CA-企业版

超管CA-RA版

各类产品分网站

VeriSign产品

Thawte产品

GeoTrust产品

微软代码签名证书

Java代码签名证书

移动代码签名证书

超真SSL证书

SGC超真SSL证书

超快SSL证书

EV SSL证书

客户端证书

首页

技术支持

SSL证书请求文件(CSR)生成指南 - Tomcat 和 J2EE Application Server

重要注意事项 An Important Note Before You Start

在生成CSR文件时同时生成您的私钥，如果您丢了私钥或忘了私钥密码，则颁发证书给您后不能安装成功！您必须重新生成私钥和CSR文件，免费重新颁发新的证书。为了避免此情况的发生，请在生成CSR后一定要备份私钥文件和记住私钥密码，最好是在收到证书之前不要再动服务器。
By far the most common problem users have when going through this process is related to private keys. If you lose or cannot access a private key, you cannot use the certificate we issue to you and will need to request a free reissue. To ensure this never happens, we advise that a backup of the private key file is made and that a note is made of the password that is used to protect the export of the private key.

您可以使用"keytool"来生成私钥和CSR文件，如果您的服务器上没有安装keytool,请先下载安装：
The utility "keytool" that you use to generate the private key (keyEntry) and CSR comes with the Sun JDK toolkit. If you do not have JDK installed please download it from the following link: http://java.sun.com/J2SE/downloads.html,We recommend that the latest version be used, which is 1.5.0.

以下为生成 keystore 和 keyentry 指南，Tomcat 支持 JKS 和 PKCS#12 格式的 keystore，JKS 格式是标准的 “Java Keystore”格式，使用 keytool 命令产生；而 PKCS#12 格式则可以通过使用Openssl中的转换工具转换而成。本指南仅指keytool方式的JKS格式。 The following sequence of commands will generate a keystore and keyEntry. Tomcat currently supports JKS and PKCS#12 format keystores. The JKS format is Java's standard "Java KeyStore" format, and is the format generated by the keytool command-line utility which is packaged in the JDK kit. The PKCS#12 format is a general format which can be converted using the Openssl toolkit. The following instructions make use of keytool only.

1. 生成 keystore 和 keyEntry， Generate a keystore and keyEntry

请使用以下命令，并参考下图： Please type the following command at the prompt:

keytool -genkey -alias [keyEntry_name] -keyalg RSA -keystore [keystore_name]

请注意：如果您不指定一个 keystore 名称(不使用参数 -keystore)，则 keystore 文件将保存在您的用户目录中(如：C:\Documents and Settings\your name\.keystore)，文件名为：.keystore
Note: If you do not specify a keystore (-keystore omitted from the command) name, the keystore will be saved to your local profile directory as a .keystore file (i.e C:\Documents and Settings\your name\.keystore)

系统会提示您输入 keystore 密码，缺省密码为：changeit，