
How to add Subject Alt Names or multiple domains in a key-store and self signed certificate

How to add multiple domains (Subject Alt Names) into a certificate and a keystore (.jks) file

Introduction

In this article, we will see how to add multiple domains, also known as Subject Alt Names (SANs), to a JKS file. If you are getting an SSL handshake exception and your application is complaining about

then it basically means that your JKS file is missing the domain name on which you are trying to access the application.


Using OpenSSL and keytool to add multiple domains

  1. Copy openssl.cnf into the current directory
  2. Now append a ‘[ subject_alt_name ]’ section to the end of the openssl.cnf file
  3. Now add the domain names. In the example below I am adding multiple domains, along with localhost
  4. Create the public and private key. Also note that here we are passing the CN and organisation details on the command line; the advantage of adding them in the command is that you won’t be prompted for any details

    The above command should generate a public and private key pair. The private key will be written to a file called private.key and the public key, i.e. the certificate, to a file called self-signed.pem. Also note that the above command sets the country, state, location and organisation name; for simplicity only XX has been used. The certificate is valid for a year, which is controlled by ‘-days 365’. Feel free to change these as per your needs.
  5. Verify the .pem file has been generated successfully

    The output of the above command should list the multiple domain names which have been added. This verifies that our
  6. Export the public key (.pem) file to PKCS12 format. This will prompt you for a password
  7. Create a .jks (keystore) from the self-signed PEM

    The above-generated .jks file can be used within your Java application.

  8. Verify that the JKS has been created correctly

    This should show you the multiple subject alt names that were added

  9. Generate a Certificate from above Keystore or JKS file

  10. Since the above certificate is self-signed and not validated by a CA, it needs to be added to the truststore (the cacerts file, in the location shown below)


    Tip – KeyStore Explorer is a nice tool to verify the truststore, examine certificates, etc.
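The ten steps above, as one added shell script (this is example code, not the article's own commands): it writes an openssl.cnf with a ‘[ subject_alt_name ]’ section, issues the self-signed certificate with -subj so nothing is prompted for, lists the SANs in the PEM, wraps key and certificate into PKCS#12, imports that into a JKS with keytool and lists the SANs keytool sees, and finally exports the certificate from the JKS and imports it into the JDK's cacerts. The domain names, file names, alias, password and cacerts path are assumptions for the demo.

```shell
#!/bin/sh
# Added example, not the article's own commands: generate a self-signed
# certificate whose SAN list covers several domains, convert it to a JKS,
# and verify the SANs at each stage. Domain names, file names, the alias
# and the password below are constructed for the demo.
set -eu

PASSWORD="${PASSWORD:-changeit}"      # constructed demo password
ALIAS="${ALIAS:-selfsigned}"          # constructed keystore alias

# Print a minimal OpenSSL config with a [ subject_alt_name ] section that
# lists every argument as a DNS SAN.  Usage: san_config name1 name2 ...
san_config() {
    san_list=""
    for name in "$@"; do
        san_list="${san_list:+$san_list,}DNS:$name"
    done
    cat <<EOF
[ req ]
distinguished_name = req_distinguished_name
x509_extensions = subject_alt_name

[ req_distinguished_name ]

[ subject_alt_name ]
subjectAltName = $san_list
EOF
}

# Write openssl.cnf into DIR and create private.key + self-signed.pem there.
# Subject fields are given with -subj so nothing is prompted for.
# Usage: make_cert DIR name1 name2 ...
make_cert() {
    dir="$1"; shift
    mkdir -p "$dir"
    san_config "$@" > "$dir/openssl.cnf"
    openssl req -x509 -nodes -newkey rsa:2048 -days 365 \
        -keyout "$dir/private.key" -out "$dir/self-signed.pem" \
        -subj "/C=XX/ST=XX/L=XX/O=XX/CN=localhost" \
        -config "$dir/openssl.cnf" -extensions subject_alt_name
}

# Print the DNS SANs of a PEM certificate, one name per line.
cert_sans() {
    openssl x509 -in "$1" -noout -text | grep -o 'DNS:[^, ]*' | sed 's/^DNS://'
}

# Wrap key + cert into PKCS#12, import that into a JKS, and show the SANs
# keytool reads back from the keystore.  Requires a JDK (keytool) on PATH.
make_jks() {
    dir="$1"
    openssl pkcs12 -export -in "$dir/self-signed.pem" -inkey "$dir/private.key" \
        -name "$ALIAS" -out "$dir/keystore.p12" -passout "pass:$PASSWORD"
    keytool -importkeystore -noprompt \
        -srckeystore "$dir/keystore.p12" -srcstoretype PKCS12 -srcstorepass "$PASSWORD" \
        -destkeystore "$dir/keystore.jks" -deststoretype JKS -deststorepass "$PASSWORD"
    keytool -list -v -keystore "$dir/keystore.jks" -storepass "$PASSWORD" | grep DNSName
}

# Export the certificate from the JKS and import it into the JDK truststore so
# Java clients trust the self-signed cert.  CACERTS is an assumption: JDK 9+
# keeps it at $JAVA_HOME/lib/security/cacerts, JDK 8 under jre/lib/security.
trust_cert() {
    dir="$1"
    cacerts="${CACERTS:-${JAVA_HOME:?set JAVA_HOME or CACERTS}/lib/security/cacerts}"
    keytool -exportcert -rfc -alias "$ALIAS" -keystore "$dir/keystore.jks" \
        -storepass "$PASSWORD" -file "$dir/self-signed.crt"
    keytool -importcert -noprompt -trustcacerts -alias "$ALIAS" \
        -file "$dir/self-signed.crt" -keystore "$cacerts" -storepass changeit
}

# Run end to end when called with domain names, e.g.:
#   sh san-jks.sh example.test www.example.test localhost
if [ "$#" -gt 0 ]; then
    make_cert ./san-demo "$@"
    echo "SANs in self-signed.pem:"; cert_sans ./san-demo/self-signed.pem
    command -v keytool >/dev/null 2>&1 && make_jks ./san-demo
fi
```

trust_cert modifies the JDK's own cacerts, so it is not run automatically; call it explicitly once the JKS has been checked. The default cacerts password is changeit, and the alias must not already exist in the truststore.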
