Monday, March 23, 2009

Java SSL Certificate Request

Install Java and set up a path to the bin folder under your Java root if you haven't done so already.

Run the following commands from a command prompt (go to start menu and choose run, then type in cmd and hit enter to get a command prompt window).

_________________________________

Side note: These are the instructions from the Network Solutions web site, including generating the request with an RSA key, which according to the Java documentation defaults to the MD5 signature algorithm.

In generating a public/private key pair, the signature algorithm (-sigalg option) is derived from the algorithm of the underlying private key: If the underlying private key is of type "DSA", the -sigalg option defaults to "SHA1withDSA", and if the underlying private key is of type "RSA", -sigalg defaults to "MD5withRSA". Please consult the Java Cryptography Architecture API Specification & Reference for a full list of -keyalg and -sigalg you can choose from.

MD5 is less secure than SHA, and there was a recent hack demonstrating how to spoof certain SSL certificates using MD5. Network Solutions says the CSR is generated using MD5 but that it doesn't matter because the certificate is signed using SHA1.
_________________________________


You can change the names below (such as mykeystore and mykeyalias) to whatever you want.

1. Go to the directory where you want to create the keystore file.

2. Type the following:

keytool -keystore mykeystore -alias mykeyalias -genkey -keyalg RSA

3. Answer the following questions. Make sure the answers match what you put in your domain name registration. The full domain name is entered at the first and last name prompt (oddly enough). For example:

Enter keystore password: password
What is your first and last name?
[Unknown]: your.domainname.com
What is the name of your organizational unit?
[Unknown]: Whatever
What is the name of your organization?
[Unknown]: Your Company Name Here
What is the name of your City or Locality?
[Unknown]: Seattle
What is the name of your State or Province?
[Unknown]: WA
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=your.domainname.com, OU=Whatever, O=Your Company Name Here,
L=Seattle, ST=WA, C=US correct?
[no]: yes

Enter key password for <mykeyalias>
(RETURN if same as keystore password): supersecretpassword


Save the above information because you will need to type it in exactly if you ever need to recreate the certificate.

4. Type the following to generate a certificate request (CSR) file. The contents of this file will be given to the SSL Certificate Authority to generate a trusted certificate:

keytool -certreq -alias mykeyalias -keystore mykeystore -file myrequest.csr

5. Copy the contents of myrequest.csr and provide it to your certificate authority.

6. The certificate authority will give you back one or more files which you then need to import back into your keystore (in the order and according to the directions you get from your certificate authority). The command will look something like this:

keytool -keystore mykeystore -import -alias mykeyalias -file mynewcert.crt -trustcacerts
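Before handing myrequest.csr to the certificate authority, it is worth checking which signature algorithm keytool actually put in it (the MD5withRSA default from the side note above). The small DER parser below does that for a PEM or DER PKCS#10 request; it is an added example, not code from the original post or from keytool, and the sample CSRs it builds are constructed stubs with a dummy body and signature (build_sample_csr, to_pem and SIG_OIDS are this example's own names).

```python
import base64
import re

# Signature algorithm OIDs as used in PKCS#10 AlgorithmIdentifier (RFC 3279, RFC 4055)
SIG_OIDS = {
    "1.2.840.113549.1.1.4": "MD5withRSA",
    "1.2.840.113549.1.1.5": "SHA1withRSA",
    "1.2.840.113549.1.1.11": "SHA256withRSA",
    "1.2.840.10040.4.3": "SHA1withDSA",
}

def _tlv(buf, pos):
    """Read one DER tag/length at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length: next n bytes hold it
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def _oid(content):
    """Decode DER OBJECT IDENTIFIER content bytes to dotted form."""
    parts, acc = [str(content[0] // 40), str(content[0] % 40)], 0
    for b in content[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(str(acc))
            acc = 0
    return ".".join(parts)

def csr_signature_algorithm(data):
    """Return (oid, name) of the signatureAlgorithm in a PEM or DER PKCS#10 CSR."""
    if data.lstrip().startswith(b"-----"):  # keytool -certreq writes PEM with BEGIN/END lines
        data = base64.b64decode(re.sub(rb"-----[^-]+-----|\s", b"", data))
    tag, pos, _ = _tlv(data, 0)            # CertificationRequest ::= SEQUENCE
    _, _, info_end = _tlv(data, pos)       # certificationRequestInfo (skipped)
    tag, pos, _ = _tlv(data, info_end)     # signatureAlgorithm ::= SEQUENCE
    tag, pos, oid_end = _tlv(data, pos)    # its first element is the OBJECT IDENTIFIER
    if tag != 0x06:
        raise ValueError("not a PKCS#10 CSR")
    oid = _oid(data[pos:oid_end])
    return oid, SIG_OIDS.get(oid, "unknown")

# Constructed sample CSRs: correct outer structure, dummy request info and signature.
def _der(tag, content):
    return bytes([tag, len(content)]) + content   # short-form length suffices here

def build_sample_csr(sig_oid_der):
    info = _der(0x30, _der(0x02, b"\x00"))                    # dummy certificationRequestInfo
    alg = _der(0x30, _der(0x06, sig_oid_der) + b"\x05\x00")   # AlgorithmIdentifier {oid, NULL}
    return _der(0x30, info + alg + _der(0x03, b"\x00" * 9))   # dummy BIT STRING signature

MD5_RSA = bytes.fromhex("2a864886f70d010104")      # 1.2.840.113549.1.1.4
SHA256_RSA = bytes.fromhex("2a864886f70d01010b")   # 1.2.840.113549.1.1.11

def to_pem(der):
    b64 = base64.encodebytes(der).replace(b"\n", b"")
    return b"-----BEGIN NEW CERTIFICATE REQUEST-----\n" + b64 + b"\n-----END NEW CERTIFICATE REQUEST-----\n"
```

Run csr_signature_algorithm(open("myrequest.csr", "rb").read()) on a real request; if it reports MD5withRSA, regenerate the request with keytool -certreq -sigalg SHA256withRSA (keytool accepts -sigalg on -certreq as well as on -genkey).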

More: Java Keytool