@@ -20,65 +20,65 @@ all: clean create-keystore add-host create-truststore add-client
2020
2121create-keystore :
2222 # Generate a certificate authority (CA)
23- keytool -genkey -alias ca -ext BC=ca:true \
23+ keytool -genkey -alias ca -ext san=dns:localhost,ip:127.0.0.1 -ext BC=ca:true \
2424 -keyalg RSA -keysize 4096 -sigalg SHA512withRSA -keypass $(PASSWORD ) \
2525 -validity 3650 -dname $(DNAME_CA ) \
2626 -keystore $(KEYSTORE ) -storepass $(PASSWORD )
2727
2828add-host :
2929 # Generate a host certificate
30- keytool -genkey -alias $(HOSTNAME ) \
30+ keytool -genkey -alias $(HOSTNAME ) -ext san=dns:localhost,ip:127.0.0.1 \
3131 -keyalg RSA -keysize 4096 -sigalg SHA512withRSA -keypass $(PASSWORD ) \
3232 -validity 3650 -dname $(DNAME_HOST ) \
3333 -keystore $(KEYSTORE ) -storepass $(PASSWORD )
3434 # Generate a host certificate signing request
35- keytool -certreq -alias $(HOSTNAME ) -ext BC=ca:true \
35+ keytool -certreq -alias $(HOSTNAME ) -ext san=dns:localhost,ip:127.0.0.1 -ext BC=ca:true \
3636 -keyalg RSA -keysize 4096 -sigalg SHA512withRSA \
3737 -validity 3650 -file " $( HOSTNAME) .csr" \
3838 -keystore $(KEYSTORE ) -storepass $(PASSWORD )
3939 # Generate signed certificate with the certificate authority
40- keytool -gencert -alias ca \
40+ keytool -gencert -alias ca -ext san=dns:localhost,ip:127.0.0.1 \
4141 -validity 3650 -sigalg SHA512withRSA \
4242 -infile " $( HOSTNAME) .csr" -outfile " $( HOSTNAME) .crt" -rfc \
4343 -keystore $(KEYSTORE ) -storepass $(PASSWORD )
4444 # Import signed certificate into the keystore
45- keytool -import -trustcacerts -alias $(HOSTNAME ) \
45+ keytool -import -trustcacerts -alias $(HOSTNAME ) -ext san=dns:localhost,ip:127.0.0.1 \
4646 -file " $( HOSTNAME) .crt" \
4747 -keystore $(KEYSTORE ) -storepass $(PASSWORD )
4848
4949export-authority :
5050 # Export certificate authority
51- keytool -export -alias ca -file ca.crt -rfc \
51+ keytool -export -alias ca -ext san=dns:localhost,ip:127.0.0.1 - file ca.crt -rfc \
5252 -keystore $(KEYSTORE ) -storepass $(PASSWORD )
5353
5454
5555create-truststore : export-authority
5656 # Import certificate authority into a new truststore
57- keytool -import -trustcacerts -noprompt -alias ca -file ca.crt \
57+ keytool -import -trustcacerts -noprompt -alias ca -ext san=dns:localhost,ip:127.0.0.1 - file ca.crt \
5858 -keystore $(TRUSTSTORE ) -storepass $(PASSWORD )
5959
6060add-client :
6161 # Generate client certificate
62- keytool -genkey -alias $(CLIENTNAME ) \
62+ keytool -genkey -alias $(CLIENTNAME ) -ext san=dns:localhost,ip:127.0.0.1 \
6363 -keyalg RSA -keysize 4096 -sigalg SHA512withRSA -keypass $(PASSWORD ) \
6464 -validity 3650 -dname $(DNAME_CLIENT ) \
6565 -keystore $(TRUSTSTORE ) -storepass $(PASSWORD )
6666 # Generate a host certificate signing request
67- keytool -certreq -alias $(CLIENTNAME ) -ext BC=ca:true \
67+ keytool -certreq -alias $(CLIENTNAME ) -ext san=dns:localhost,ip:127.0.0.1 -ext BC=ca:true \
6868 -keyalg RSA -keysize 4096 -sigalg SHA512withRSA \
6969 -validity 3650 -file " $( CLIENTNAME) .csr" \
7070 -keystore $(TRUSTSTORE ) -storepass $(PASSWORD )
7171 # Generate signed certificate with the certificate authority
72- keytool -gencert -alias ca \
72+ keytool -gencert -alias ca -ext san=dns:localhost,ip:127.0.0.1 \
7373 -validity 3650 -sigalg SHA512withRSA \
7474 -infile " $( CLIENTNAME) .csr" -outfile " $( CLIENTNAME) .crt" -rfc \
7575 -keystore $(KEYSTORE ) -storepass $(PASSWORD )
7676 # Import signed certificate into the truststore
77- keytool -import -trustcacerts -alias $(CLIENTNAME ) \
77+ keytool -import -trustcacerts -alias $(CLIENTNAME ) -ext san=dns:localhost,ip:127.0.0.1 \
7878 -file " $( CLIENTNAME) .crt" \
7979 -keystore $(TRUSTSTORE ) -storepass $(PASSWORD )
8080 # Export private certificate for importing into a browser
81- keytool -importkeystore -srcalias $(CLIENTNAME ) \
81+ keytool -importkeystore -srcalias $(CLIENTNAME ) -ext san=dns:localhost,ip:127.0.0.1 \
8282 -srckeystore $(TRUSTSTORE ) -srcstorepass $(PASSWORD ) \
8383 -destkeystore " $( CLIENTNAME) .p12" -deststorepass $(PASSWORD ) \
8484 -deststoretype PKCS12
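Review bot: `-ext san=...` is also added to the `keytool -import`, `-export` and `-importkeystore` calls (new lines 45, 51, 57, 77 and 81), and as far as I know those subcommands do not accept `-ext`, so these recipes are likely to fail with an illegal-option error or at best ignore the flag; the extension only matters on `-genkey`, `-certreq` and `-gencert`. The same literal `dns:localhost,ip:127.0.0.1` is also stamped onto the CA and client certificates, which do not need a server name, and onto the `$(HOSTNAME)` certificate, which will then verify only for localhost because clients that see a SAN stop falling back to the CN. I would define `SAN ?= dns:localhost,ip:127.0.0.1` next to the other variables (outside this hunk) and pass `-ext san=$(SAN)` only on the three host-certificate commands in `add-host`.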