When using keytool to generate a CSR file, does it have to be generated on the hosting server?
https://stackoverflow.com/questions/247220
-
05-07-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I was under the impression that I could run it on any machine, but a guy from our hosting company is saying that the csr has to be generated on the server hosting the site.
Can anyone clear this one up for me?
Thanks.
Solution
The bottom line is you do not need to generate CSRs on the server hosting an SSL certificate. A CSR is a CSR and you could actually generate it using something like OpenSSL and then import both the key and certificate once it is created into the keystore. The problem is that they probably don't understand now to get the key into the keychain. See if this KeyTool and OpenSSL tips helps.
OTHER TIPS
It's not entirely accurate. What does need to happen is the chain of key -> csr -> cert all needs to happen within the same keystore file. It is difficult to move key/cert in and out of the original keystore.
