Java Code Signing: Generate a CSR
To request a code signing certificate, you have to provide us a certificate signing request (CSR) generated from the machine you'll use to sign the code. We'll use the information in this file to validate your request and provide the information to anyone downloading your code.
Note: You must generate the CSR from your local machine and not from the web server you're using to host the file.
Windows-only preparation
If you use Windows, you must complete the following steps before generating your CSR.
- Run
cmdas an administrator. - Move to your JDK installation's
bindirectory:cd C:\Program Files\java\jdkversion number\bin
Create a keystore
To store your public and private keys (used to sign your code), you must create a keystore. You'll use this repeatedly throughout the code signing certificate request and installation process.
- Create a keystore called codesignstore:
keytool -genkey -alias codesigncert -keyalg RSA -keysize 2048 -keystore codesignstore
- Complete the information requested from you at the command prompt. There are a few important things to note:
- It's important that this information is consistent with everything else you plan to use in your request.
- Note your keystore's password because you must have it to sign your Java code.
Generate a CSR
Now, use your keystore to create your certificate signing request (which you will use to request the certificate you purchased from HostingDude.com).
- Generate your CSR:
keytool -certreq -v -alias codesigncert -file mycsr.pem -keystore codesignstore
- Enter your keystore's password and press enter.
- Open your CSR. How you do that depends on your OS:
OS Command Mac OS X nano mycsr.pem
Windows start notepad "mycsr.pem"
- Copy your CSR, including the entirety of the lines containing BEGIN NEW CERTIFICATE REQUEST and END NEW CERTIFICATE REQUEST.