Java Code Signing: Generate a CSR

To request a code signing certificate, you have to provide us a certificate signing request (CSR) generated from the machine you'll use to sign the code. We'll use the information in this file to validate your request and provide the information to anyone downloading your code.

Note: You must generate the CSR from your local machine and not from the web server you're using to host the file.

Windows-only preparation

If you use Windows, you must complete the following steps before generating your CSR.

  1. Run cmd as an administrator.
  2. Move to your JDK installation's bin directory:
    cd C:\Program Files\java\jdkversion number\bin

Create a keystore

To store your public and private keys (used to sign your code), you must create a keystore. You'll use this repeatedly throughout the code signing certificate request and installation process.

  1. Create a keystore called codesignstore:
    keytool -genkey -alias codesigncert -keyalg RSA -keysize 2048 -keystore codesignstore
  2. Complete the information requested from you at the command prompt. There are a few important things to note:
    • It's important that this information is consistent with everything else you plan to use in your request.
    • Note your keystore's password because you must have it to sign your Java code.

Generate a CSR

Now, use your keystore to create your certificate signing request (which you will use to request the certificate you purchased from Webbusiness.com).

  1. Generate your CSR:
    keytool -certreq -v -alias codesigncert -file mycsr.pem -keystore codesignstore
  2. Enter your keystore's password and press enter.
  3. Open your CSR. How you do that depends on your OS:
    OS Command
    Mac OS X
    nano mycsr.pem
    Windows
    start notepad "mycsr.pem"
  4. Copy your CSR, including the entirety of the lines containing BEGIN NEW CERTIFICATE REQUEST and END NEW CERTIFICATE REQUEST.

Next step