To Generate a Certificate Signing Request (CSR) from your SHRINE keystore
Please run the following command:
$ keytool -certreq -alias $KEYSTORE_ALIAS -keyalg RSA -file $KEYSTORE_ALIAS.csr -keypass $KEYSTORE_PASSWORD -storepass $KEYSTORE_PASSWORD -keystore $KEYSTORE_FILE
This will create a file called $KEYSTORE_ALIAS.csr .
The most common reason for rejection of a CSR is an invalid CN value. The CN of a certificate should match the publicly-accessible hostname of the machine that will use the certificate. Using other values can cause problems with verifying the identity of that host. You should likewise avoid using an actual IP address as the CN.
Check the CN of your CSR file before sending by running this command:
$ openssl req -in $KEYSTORE_ALIAS.csr -subject -noout
Send the CSR file to the hub administrator.
The hub administrator will review the CSR and check for validity.
After the CSR is validated, the Hub administrator will sign the request and send back the signed certificate in the form of a $KEYSTORE_ALIAS.crt file.