SSL证书请求文件(CSR)生成指南 - Java Web Server
重要注意事项 An Important Note Before You Start
在生成CSR文件时同时生成您的私钥,如果您丢了私钥或忘了私钥密码,则颁发证书给您后不能安装成功!您必须重新生成私钥和CSR文件,免费重新颁发新的证书。为了避免此情况的发生,请在生成CSR后一定要备份私钥文件和记住私钥密码,最好是在收到证书之前不要再动服务器。
By far the most common problem users have when going through this process is related to private keys. If you lose or cannot access a private key, you cannot use the certificate we issue to you and will need to request a free reissue. To ensure this never happens, we advise that a backup of the private key file is made and that a note is made of the password that is used to protect the export of the private key.
To generate a CSR in Java Web Server follow the instructions below:
1. At the command line, go to the server root directory, and then change down to subdirectory bin. Run the command authstore.
2. Use the ImportCA button to import the Thawte CA root keys. The root certificate is located at the following link: http://www.wosign.com/Root/index.htm
After you install the CA Root you should shutdown your server and restart your workstation.
3. Now use the Create button to generate a self-signed certificate. Note: Default parameters are suggested for the first key generated. You will need to fill out following information:
Fully qualified hostname
The domain name of the server, for example, www.mycompany.com , as it will appear in the secure URL. It is important that what you put here is in the URL's that link to your server.
Department
Your department within your company, such as Marketing
Organization
Your full organization or company name
City
The city where your company is located, such as Redmond or Toronto.
State or region
For example Washington, Alberta, California, and so on. Within the USA your two letter state code is adequate.
Two letter country code
Two letter ISO Country designation, for example, US, CA, AU, UK, and so on. Make sure that both letters are in UPPER CASE.
4. You will need to provide a passphrase for use whenever you decrypt the data in the keystore.
5. Now use the Request button to generate a "Certificate Signing Request" (CSR). Take the CSR and submit it through our forms-based interface here.
6. Please take note of your passphrase and back up your new keys at
If you do not do this, you risk an extra fee if this key is lost, or cannot be accessed.
7. After your certificate is issued, get the certificate in "Standard Format", and use Import button in authstore to import this new certificate into your Java Web Server. Restart your server.
测试CSR和把CSR发给WoSign, Start the certificate request process
生成CSR后,建议您自己测试一下生成的CSR文件是否正确,请点击 这里 测试您的CSR文件。请把测试成功的CSR文件发给WoSign即可。请一定不要再动您的服务器,等待证书的颁发。
To submit the CSR to WoSign for processing you should start the certificate enrollment process.