user3031025

Reputation: 141

Certificate with more than one IP SAN extension

I’m using a Java web service client, which connects to a web service via HTTPS. The machine on the server side has more than one IP address, and I would like to reach this web service through any of its IPs. The client is only able to reach the server through IP-based URLs, not DNS-resolvable host names.

Since the WS client performs the verification of the certificate identity based on the IP SAN extension that was established while building the certificate through the Java keytool, I wonder if it’s possible to build a certificate enumerating more than one IP SAN extension? So far I could only establish one IP per certificate, but then, when I try to reach the WS through any other IP (a.b.c.d), I get an error stating that the certificate wasn’t made with that IP:

java.security.cert.CertificateException: No subject alternative names matching IP address a.b.c.d found

If this is not possible, how do you suggest I circumvent this issue?

Thanks

Upvotes: 5

Views: 3349

Answers (1)

user3031025

Reputation: 141

Already found how to do it... and sorry to bother you guys with this dumb question... easy:

san=ip:a.b.c.d,ip:e.f.g.h

Thanks,

Ric.

Upvotes: 9
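
The comma-separated `san=` value from the answer, passed to keytool's `-ext` option and then read back to confirm every address the client will use is in the certificate. This is an added example, not part of the original post; the keystore file, alias, password and the RFC 5737 documentation IPs are constructed placeholders.

```shell
#!/bin/sh
# Added example: self-signed certificate whose SAN extension lists several IPs,
# plus a check that each IP the client connects to is actually covered.
KS=ws-server.p12        # hypothetical keystore file
ALIAS=ws-server         # hypothetical alias
PASS=changeit           # placeholder password, replace in real use
IPS="192.0.2.10 198.51.100.20 203.0.113.30"   # constructed sample IPs

# Build "ip:a,ip:b,..." from the IPs given as arguments.
san_value() {
    out=""
    for ip in "$@"; do
        out="${out:+$out,}ip:$ip"
    done
    printf '%s\n' "$out"
}

# Generate the key pair and certificate with all IPs in one SAN extension.
make_cert() {
    rm -f "$KS"
    # $IPS is intentionally unquoted so it splits into one argument per IP.
    keytool -genkeypair -alias "$ALIAS" -keyalg RSA -keysize 2048 \
        -dname "CN=ws-server" -validity 365 -storetype PKCS12 \
        -keystore "$KS" -storepass "$PASS" -keypass "$PASS" \
        -ext "san=$(san_value $IPS)" </dev/null >/dev/null
}

# Print the IP SAN entries stored in the certificate, one per line.
list_ip_sans() {
    keytool -list -v -alias "$ALIAS" -keystore "$KS" -storepass "$PASS" \
        </dev/null 2>/dev/null |
        sed -n 's/^ *IPAddress: *\([0-9A-Fa-f.:]*\).*/\1/p'
}

# Succeed only if every IP given as an argument appears in the certificate.
check_covered() {
    have=$(list_ip_sans)
    for ip in "$@"; do
        printf '%s\n' "$have" | grep -qxF "$ip" ||
            { echo "missing IP SAN: $ip" >&2; return 1; }
    done
}
```

Run `make_cert` once, then `check_covered` with the addresses the client connects to; an address missing from the list is one that would trigger the `No subject alternative names matching IP address` error from the question.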
