SSL Certificate with Subject Alternate Names

14 12 2014

This post is a continuation of Creating HTTPS SSL Self Signed certificate. SSL Certificates are created for one particular ‘cn’. This can be your domain name (

Certificate Validation Exception may occur when you try to access your host another way (for example using IP address instead of domain name or accessing it from localhost).

Java keytool has an extention: SAN (Subject alternative name), where you can specify all names that are acceptable by you (like ‘localhost’ or IP ‘’).¬†Both IP and DNS can be specified with the keytool additional argument:


so the full command is:

keytool -genkey -alias keyAlias -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore myKeystore.p12 -validity 3650 -ext,dns:localhost,ip:

Did I help you?
I manage this blog and share my knowledge for free, sacrificing my time. If you appreciate it and find this information helpful, please consider making a donation in order to keep this page alive and improve quality

Donate Button with Credit Cards

Thank You!



Give Your feedback:

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: