SyntaxFix

[ssl] How to add subject alernative name to ssl certs?

I'm using openssl to create self-signed certs. I'm getting this error with the certs I generated:

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present


Does anyone know how to specify "Subject alternative name" while creating a cert? This is how I'm generating a keystore:

sudo $JAVA_HOME/bin/keytool -genkey -dname "CN=192.168.x.xxx, OU=I, O=I, L=T, ST=On, C=CA" -alias tomcat -validity 3650 -keyalg RSA -keystore /root/.keystore -keypass abcd -storepass abcd

To generate a key:

 openssl s_client -connect 192.168.x.xxx:8443 2>/dev/null

Please help! Thanks!

This question is related to ssl ssl-certificate x509certificate keytool

The answer is

When generating CSR is possible to specify -ext attribute again to have it inserted in the CSR

keytool -certreq -file test.csr -keystore test.jks -alias testAlias -ext SAN=dns:test.example.com

complete example here: How to create CSR with SANs using keytool

Both IP and DNS can be specified with the keytool additional argument -ext SAN=dns:abc.com,ip:1.1.1.1

Example:

keytool -genkeypair -keystore <keystore> -dname "CN=test, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown" -keypass <keypwd> -storepass <storepass> -keyalg RSA -alias unknown -ext SAN=dns:test.abc.com,ip:1.1.1.1

Source: Stackoverflow.com

Examples related to ssl

Requests (Caused by SSLError("Can't connect to HTTPS URL because the SSL module is not available.") Error in PyCharm requesting website A fatal error occurred while creating a TLS client credential. The internal error state is 10013 curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number How to install OpenSSL in windows 10? ssl.SSLError: tlsv1 alert protocol version Invalid self signed SSL cert - "Subject Alternative Name Missing" "SSL certificate verify failed" using pip to install packages ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749) Powershell Invoke-WebRequest Fails with SSL/TLS Secure Channel "ssl module in Python is not available" when installing package with pip3

Examples related to ssl-certificate

How to install OpenSSL in windows 10? Scraping: SSL: CERTIFICATE_VERIFY_FAILED error for http://en.wikipedia.org Not able to install Python packages [SSL: TLSV1_ALERT_PROTOCOL_VERSION] Letsencrypt add domain to existing certificate javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure bypass invalid SSL certificate in .net core How to add Certificate Authority file in CentOS 7 How to use a client certificate to authenticate and authorize in a Web API This certificate has an invalid issuer Apple Push Services iOS9 getting error “an SSL error has occurred and a secure connection to the server cannot be made”

Examples related to x509certificate

Authentication failed because remote party has closed the transport stream curl: (60) SSL certificate problem: unable to get local issuer certificate How can I generate a self-signed certificate with SubjectAltName using OpenSSL? How does an SSL certificate chain bundle work? Importing the private-key/public-certificate pair in the Java KeyStore How to create a self-signed certificate with OpenSSL Error Importing SSL certificate : Not an X.509 Certificate What does the 'Z' mean in Unix timestamp '120314170138Z'? How to add subject alernative name to ssl certs? Export P7b file with all the certificate chain into CER file

Examples related to keytool

Keytool is not recognized as an internal or external command I have never set any passwords to my keystore and alias, so how are they created? Importing the private-key/public-certificate pair in the Java KeyStore keytool error bash: keytool: command not found How to add certificate chain to keystore? Change keystore password from no password to a non blank password How can I create keystore from an existing certificate (abc.crt) and abc.key files? Openssl is not recognized as an internal or external command How to properly import a selfsigned certificate into Java keystore that is available to all Java applications by default? Java Keytool error after importing certificate , "keytool error: java.io.FileNotFoundException & Access Denied"

Tags

About-box Class-template Nsmutablestring Getresponse Yetanotherforum Maple Usb-flash-drive Itunes Signed-assembly Moonlight Ping Authz Stage Node-xmpp Icons Insertion Coldfusion Scenegraph Iexternalizable Udb Abstract-methods Viewcontext Out-of-browser Yaml-cpp Polymorphic-associations Gsub Dreamhost Ikpicturetaker Dynamicmethod Text-to-speech Propertysheet Maintainability Activerecord-jdbc Thawte Minecraft Transitive-closure-table Whitespace Qtip User-defined-aggregate Dedicated Non-admin Image-processing Liskov-substitution-principle Feature-tracking Ocamlfind Webrequest Sysctl Galleryview Multiline Gpx Paypal-ipn Atomicboolean Nomachine-nx Toplink-essentials Breakpoints Morfik Zendx Avcapturesession Viewrendering Ios32 Fread Maven-deploy-plugin Uinavigationbar System-testing Logic Xulrunner Zeromq Docking Loaderlock Code128 Google-contacts-api Resque Nsinteger Quoting Nsthread Er-diagrams Osb Superview Fluentvalidation-2.0 Maildir Jprofiler Data-link-layer Textutils Ora-01036 Isolation-frameworks Streamwriter Information-architecture Finalizer Visual-studio Pathauto Asort Msxml Formencode Project-template Comma Shortcuts Xrm Rakefile Python-2.x Mdpi