What is CSR?
This is the primary step in applying for an SSL certificate. You need to generate a certificate signing request (CSR) for the web site's domain name you want to secure and It is a block of encrypted code containing information regarding your business, as well as your public key.
Step 1: Create a Keystore
keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore your_site_name.jks
Create a Password
Create a password and keep it safe.
Note: You will require this password in your Tomcat configuration file and then use it to generate your CSR and to import your certificate.
Enter your certificate information, When prompted for the first and last name, type the Fully Qualified Domain Name (FQDN) for the site you are securing with this certificate (e.g., abc.yourdomain.com).
Enter your Organization information.
Verify your information, type y or yes to confirm.
When asked for a "key password", press enter to use the password you just created for the Keystore file.
Step 2: Generate a Certificate Signing Request (CSR) from newly created Keystore
keytool -certreq -alias server -file csr.txt -keystore your_site_name.jks
Copy the text, including the ---BEGIN NEW CERTIFICATE REQUEST--- and ---END NEW CERTIFICATE REQUEST--- to generate the certificate.