Creating a Certificate Request

 1. Create a local certificate (as described in the previous section).

Note You must enter the domain of your website in the fields First and Last name in order to create a working certificate.

 2. Create the CSR with this commandon windows:

keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore " C:\Program Files\Cisco Systems\dcm\jboss-4.2.2.GA\server\fm\conf\fmserver.jks"

Now you have a file called certreq.csr. The file is encoded in PEM format. You can submit it to the certificate authority. You can find instructions for submitting the file on the Certificate Authority website.

 3. After you have your certificate, you can import it into your local keystore. You must first import a Chain Certificate or Root Certificate into your keystore. You can then import your certificate.

 4. Download a Chain Certificate from the Certificate Authority where you obtained the certificate:

 • For Verisign.com commercial certificates, go to this URL:

http://www.verisign.com/support/install/intermediate.html

 • For Verisign.com trial certificates, go to this URL:

http://www.verisign.com/support/verisign-intermediate-ca/Trial_Secure_Server_Root/index.html

 • For Trustcenter.de, go to this URL:

http://www.trustcenter.de/certservices/cacerts/en/en.htm#server

 • For Thawte.com, go to this URL:

http://www.thawte.com/certs/trustmap.html

 • Import the Chain Certificate into your keystore by entering the keytool -import -alias root -keystore " C:\Program Files\Cisco Systems\dcm\jboss-4.2.2.GA\server\fm\conf\fmserver.jks" -trustcacerts -file filename_of_the_chain_certificate command.

 • Import the new certificate in X509 format by entering the keytool -import -alias tomcat -keystore " C:\Program Files\Cisco Systems\dcm\jboss-4.2.2.GA\server\fm\conf\fmserver.jks" -trustcacerts -file your_certificate_filename command.