A memo on avoiding certificate errors with a self-signed certificate created using Java's keytool

Event

In Chrome 58 and later, a certificate whose CN merely matches the requested host name is not considered a secure connection, and ERR_CERT_COMMON_NAME_INVALID is returned. For example, this happens when accessing https://localhost with a certificate issued with CN=localhost.

Reason

Since Chrome 58, the DNS name in the certificate's X.509 v3 extension area (the subject alternative name, SAN) is also verified.

Reference: Qiita, "How to make a certificate that won't get angry with Chrome"

Keytool support and restrictions

When issuing a self-signed certificate with keytool, specify the DNS name as an option (-ext san=dns:...). The domain name is always in A.B.C or A.B.C.D format. Due to keytool restrictions, it seems that you cannot specify wildcards or suffix formats that start with.

keytool -genkey -alias tomcat -storetype PKCS12 -keyalg RSA -keysize 2048 -ext san=dns:sample.localhost.com -keystore "tomcat.jks" -validity 3650

Please enter the keystore password:(Keystore password)
Please re-enter your new password:(Keystore password)
What is your first and last name?
  [Unknown]:  sample.localhost.com (Host name for verification)
What is the organizational unit name?
  [Unknown]:  Capybara
What is your organization name?
  [Unknown]:  Capybara
What is the city or region name?
  [Unknown]:  Shinagawa
What is the state or province name?
  [Unknown]:  Tokyo
What is the two-letter country code for this unit?
  [Unknown]:  JP
Is CN=sample.localhost.com, OU=Capybara, O=Capybara, L=Shinagawa, ST=Tokyo, C=JP correct?
[No]:  y

After issuing the certificate, configure this keystore (tomcat.jks) in any Servlet container and start it. Also register sample.localhost.com in the hosts file so that it resolves to localhost (127.0.0.1).
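
The following is an added example, not part of the original memo: a non-interactive form of the keytool command, plus a check that the keystore's certificate really carries the host name as a SAN DNS entry. The function names, the KEYSTORE_PASS environment variable and the sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original memo). Assumes POSIX sh, keytool on PATH,
# and the keystore password exported beforehand as KEYSTORE_PASS.

# Non-interactive form of the command above: -dname answers the prompts, and
# the same host name goes into both CN and the SAN DNS entry.
make_keystore() {
    host=$1; keystore=$2
    keytool -genkey -alias tomcat -storetype PKCS12 \
        -keyalg RSA -keysize 2048 -validity 3650 \
        -dname "CN=$host, OU=Capybara, O=Capybara, L=Shinagawa, ST=Tokyo, C=JP" \
        -ext "san=dns:$host" \
        -keystore "$keystore" -storepass:env KEYSTORE_PASS
}

# Read `keytool -list -v` output on stdin; print every DNSName that appears
# inside a SubjectAlternativeName block, one per line.
san_dns_names() {
    awk '
        /^SubjectAlternativeName \[/ { in_san = 1; next }
        in_san && /^\]/              { in_san = 0; next }
        in_san && $1 == "DNSName:"   { print $2 }
    '
}

# Succeed only if the exact host name is listed as a SAN DNS entry
# (a matching CN alone does not count, which is the Chrome 58+ behaviour).
has_san_dns() {
    san_dns_names | grep -Fxq -- "$1"
}

# Constructed excerpt of `keytool -list -v` output for offline checking.
constructed_listing() {
    cat <<'EOF'
Owner: CN=sample.localhost.com, OU=Capybara, O=Capybara, L=Shinagawa, ST=Tokyo, C=JP
#1: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: sample.localhost.com
]
EOF
}

# Usage with a real keystore:
#   make_keystore sample.localhost.com tomcat.jks
#   keytool -list -v -keystore tomcat.jks -storepass:env KEYSTORE_PASS \
#       | has_san_dns sample.localhost.com && echo "SAN DNS entry present"
```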
