This documentation is for WSO2 Carbon 4.2.0. View documentation for the latest release.
Page Comparison - Creating New Keystores (v.5 vs v.6) - Carbon 4.2.0 - WSO2 Documentation

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Execute the following command to generate the CSR:

    Code Block
    languagepowershell
    keytool -certreq -alias certalias -file newcertreq.csr -keystore newkeystore.jks
    Note

    As mentioned before, use the same alias here that you used during the keystore creation process.

    You will be asked to give the keystore password. Once the password is given, the command will output the newcertreq.csr file to the <PRODUCT_HOME>/repository/resources/security/ directory. This is the CSR which you must submit to a CA.

  2. Now you must provide this CSR file to the CA. For testing purposes, try the 90 days trial SSL certificate from Comodo.

    Note

    It is preferable to have a wildcard certificate or multiple domain certificates if you wish to have multiple subdomains like gateway.thilinasampledomain.org, publisher.thilinasampledomain.org, identity.thilinasampledomain.org, etc., for the deployment. For such requirements you must modify the CRS request by adding subject alternative names. Most of the SSL providers give instructions to generate the CSR in such cases.

  3. After accepting the request, a signed certificate is provided along with several intermediate certificates (depending on the CA) as a bundle (.zip).

    Panel
    titleSample certificates provided by the CA (Comodo)

    The Root certificate of the CA: AddTrustExternalCARoot.crt 
    Intermediate certificates:  COMODORSAAddTrustCA.crt , COMODORSADomainValidationSecureServerCA.crt 
    SSL Certificate signed by CA: test_sampleapp_org.crt

...