1

I have generated a Java Keystore File for TLS communication using below command:

keytool -genkeypair -alias presto -keyalg RSA -keystore keystore.jks

Enter keystore password:  
Re-enter new password: 
What is your first and last name?
  [Unknown]:  presto-coordinator.example.com
What is the name of your organizational unit?
  [Unknown]:  
What is the name of your organization?
  [Unknown]:  
What is the name of your City or Locality?
  [Unknown]:  
What is the name of your State or Province?
  [Unknown]:  
What is the two-letter country code for this unit?
  [Unknown]:  
Is CN=presto-coordinator.example.com, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
  [no]:  yes

While doing https calls i am getting this error:

Error running command: javax.net.ssl.SSLPeerUnverifiedException: Hostname localhost not verified:
    certificate: sha256/yowvqYOtr5pERHGb2zWsD4haTvCk2NFbSDkqkeB5boY=
    DN: CN=presto-coordinator.example.com, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
    subjectAltNames: []

How to verify my localhost ?

auth_Ast
  • 21
  • 3

1 Answers1

3

It looks like you have a similar issue as mentioned within this topic: Certificate for <localhost> doesn't match any of the subject alternative names

The host localhost cannot be accessed or is not trusted because it is not present within the SAN (subject alternative name) field. You can fix this issue by providing an additional argument while creating the keystore, for example with -ext "SAN:c=DNS:localhost,IP:127.0.0.1"

Can you retry with the following command:

keytool -genkeypair -alias presto -keyalg RSA -keystore keystore.jks -ext "SAN:c=DNS:localhost,IP:127.0.0.1"
Hakan54
  • 3,121
  • 1
  • 23
  • 37
  • Thank you. This seemed to be the case when my self-signed certificate didn't cover 10.0.2.2. – Bower Jul 25 '23 at 21:15