x509certificate

I'm using openssl to create self-signed certs. I'm getting this error with the certs I generated: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present Does anyone know how to specify "Subject alternative name" while creating a cert? This is how I'm generating a keystore: sudo $JAVA_HOME/bin/keytool -genkey -dname "CN=192.168.x.xxx, OU=I, O=I, L=T, ST=On, C=CA" -alias tomcat -validity 3650 -keyalg RSA -keystore /root/.keystore -keypass abcd -storepass abcd To generate a key: openssl s_client -connect 192.168.x.xxx:8443 2>/dev/null

Is it possible to sanely create an X509 Certificate in Java code without using the Bouncy Castle X509V*CertificateGenerator classes? The ability to sign certificates is not part of a standard Java library or extension. A lot of the code that is needed to do it yourself is part of the core. There are classes to encode and decode X.500 names, X.509 certificate extensions, public keys for various algorithms, and of course, for actually performing the digital signature. Implementing this yourself is not trivial, but it is definitely doable—I probably spent 4 or 5 full days the first time I made a

I am developing a TCP client to connect OpenSSL server with the certificate authentication. I have using .crt and .key files shared by server team. These certificates are generated by OpenSSL commands. I am using SslStream object to authenticate the Tcp client by calling SslStream.AuthenticateAsClient method by passing server IP , SslProtocols.Ssl3 and X509CertificateCollection . I am getting the following error: Authentication failed because the remote party has closed the transport stream I would advise against restricting the SecurityProtocol to TLS 1.1. The recommended solution is to use