Keytool set hostname


Solution 1

CN=hostname - it's the first option you're being asked for here. It's confusing that keytool refers to it as "first and last name".

Solution 2

According to section 3.1 "Server Identity" of RFC 2818 "HTTP over TLS", a client is supposed to compare the CN (Common Name) portion of the subject DN (Distinguished Name) in the server certificate to the DNS host name in the URL.

So use the Common Name (CN) for the hostname (the first question of the keytool).

Solution 3

Also good to use, SAN (Subject Alternative Name). keytool ...... -ext "SAN=DNS:"

SAN=IP: is also possible. Those entries will be checked again in hostname verification, too, and make it possible to have one certificate for your server, even if it has more than one DNS name.
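
A non-interactive way to set both the CN and the SAN entries described in the answers above, and then confirm what was stored. This is an added example, not part of the original thread; the function names, host names, alias, keystore file name and the `STOREPASS` variable are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example; host names, alias, file name and STOREPASS are placeholders.

# Build the value for keytool's -ext option from a list of names.
# Names containing ':' (IPv6) or only digits and dots (IPv4) become IP:
# entries; everything else becomes a DNS: entry.
san_ext() {
    out=""
    for name in "$@"; do
        case "$name" in
            "")        continue ;;
            *:*)       kind=IP ;;
            *[!0-9.]*) kind=DNS ;;
            *)         kind=IP ;;
        esac
        out="${out:+$out,}${kind}:${name}"
    done
    printf 'SAN=%s' "$out"
}

# Generate the key pair without prompts. The first name becomes the CN and is
# repeated in the SAN list: when DNS entries are present in the SAN, RFC 2818
# section 3.1 has the client use those as the identity instead of the CN.
# The password is read from the STOREPASS environment variable.
make_keystore() {
    keystore=$1; key_alias=$2; shift 2
    keytool -genkeypair -alias "$key_alias" -keyalg RSA -keysize 2048 \
        -validity 365 -keystore "$keystore" \
        -storepass:env STOREPASS -keypass:env STOREPASS \
        -dname "CN=$1" -ext "$(san_ext "$@")"
}

# Print the subject and SAN entries stored for the alias, to confirm them.
show_names() {
    keytool -list -v -keystore "$1" -alias "$2" -storepass:env STOREPASS |
        grep -E 'Owner:|DNSName|IPAddress'
}

# Usage:
#   export STOREPASS='choose-a-password'
#   make_keystore server.keystore myserver host.example.com host 192.0.2.10
#   show_names server.keystore myserver
```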

Author by

sixtyfootersdude

Updated on December 23, 2020

Comments

  • sixtyfootersdude
    sixtyfootersdude over 3 years

    I am just attempting to use the java keytool but I cannot figure out how to set the hostname.

    This is how I am attempting it:

    hostname[username:/this/is/a/path][640]% keytool -keystore server.keystore -genkeypair -alias hostname
    Enter keystore password:
    Re-enter new password:
    What is your first and last name?
      [Unknown]:  hostname
    What is the name of your organizational unit?
      [Unknown]:  hostname
    What is the name of your organization?
      [Unknown]:  hostname
    What is the name of your City or Locality?
      [Unknown]:  hostname
    What is the name of your State or Province?
      [Unknown]:  hostname
    What is the two-letter country code for this unit?
      [Unknown]:  CA
    Is CN=hostname, OU=hostname, O=hostname, L=hostname, ST=hostname, C=CA correct?
      [no]:  yes
    
    Enter key password for <hostname>
            (RETURN if same as keystore password):
    hostname[username:/this/is/a/path][641]%
    

    Since I have set all fields to hostname can I assume that my hostname is set to hostname?