jamie_lynn
asked on
If I generate a self-signed certificate, does it need to be imported to the truststore on the same host?
Hi,
If I generate a self-signed certificate from host ABC, does the certificate need to be imported to the truststore on the same host ABC to do a url openconnection https://ABC?
When I do a url.openConnection("https://ABC")
I am getting javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
But if I try to import the generated self-signed certificate using keytool, it says
keytool error: java.lang.Exception: Certificate reply and certificate in keystore are identical
java.lang.Exception: Certificate reply and certificate in keystore are identical
Thanks
Jamie
ASKER
I am using command below to import the certificate.
keytool -import -v -trustcacerts -keystore mykeystore.ks -alias ABC.corp.com -file /tmp/abc.der -keypass changeit -storepass changeit
Am I missing something?
Thanks
Jamie
ASKER
I found out why. I was using the IP address on the URL instead of the DNS hostname that is the CN in the certificate.
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
means that hostname used and the CN didn't match
Thanks!
Yes, as I responded to you above: "You'll get this error if you use an IP address as the CN name in your cert as well."
Good luck!
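The outcome of the name check discussed above depends on whether the URL uses an IP address or a DNS name and on what the certificate's subjectAltName extension contains. The following Java program is an added example, not code from this thread: it loads a certificate file such as the /tmp/abc.der mentioned above and reports how the check would turn out for a given URL host. The class name SanCheck, the exact-match comparison (no wildcard handling) and the rough IP-literal test are assumptions of this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;

// Added example (not from the thread): can this certificate be matched against the URL host?
public class SanCheck {
    static final int DNS_NAME = 2, IP_ADDRESS = 7; // GeneralName tags from RFC 5280

    // Rough IP-literal test (assumption): dotted quad, or anything containing ':' (IPv6).
    static boolean isIpLiteral(String host) {
        return host.matches("\\d{1,3}(\\.\\d{1,3}){3}") || host.contains(":");
    }

    // Exact, case-insensitive comparison only; wildcard names are not handled here.
    static String verdict(X509Certificate cert, String host) throws Exception {
        Collection<List<?>> sans = cert.getSubjectAlternativeNames(); // null if extension absent
        boolean ip = isIpLiteral(host);
        if (ip && sans == null) {
            return "FAIL: IP address used, but the certificate has no subjectAltName extension";
        }
        int wanted = ip ? IP_ADDRESS : DNS_NAME;
        boolean sawWanted = false;
        if (sans != null) {
            for (List<?> san : sans) {            // each entry is [Integer type, Object value]
                if ((Integer) san.get(0) != wanted) continue;
                sawWanted = true;
                if (host.equalsIgnoreCase(String.valueOf(san.get(1)))) {
                    return "OK: " + host + " is listed in subjectAltName";
                }
            }
        }
        if (ip || sawWanted) {
            return "FAIL: " + host + " is not among the subjectAltName entries " + sans;
        }
        return "No dNSName entries: the check falls back to the subject CN in \""
                + cert.getSubjectX500Principal().getName() + "\"";
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) throw new IllegalArgumentException("usage: SanCheck <certificate-file> <host-or-ip>");
        try (InputStream in = new FileInputStream(args[0])) { // DER or PEM encoded
            X509Certificate cert = (X509Certificate)
                    CertificateFactory.getInstance("X.509").generateCertificate(in);
            System.out.println(verdict(cert, args[1]));
        }
    }
}
```

Run it once with the IP address and once with the DNS hostname to compare the two outcomes for the same certificate.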
ASKER
I set the alias using keytool as the FQDN.
What do you mean by Chrome browser has serious deficiencies in this area?
Thanks
Jamie