Keytool设置主机名

Question

我只是试图使用java keytool,但我无法弄清楚如何设置主机名.

这就是我尝试的方式:

hostname[username:/this/is/a/path][640]% keytool -keystore server.keystore -genkeypair -alias hostname
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  hostname
What is the name of your organizational unit?
  [Unknown]:  hostname
What is the name of your organization?
  [Unknown]:  hostname
What is the name of your City or Locality?
  [Unknown]:  hostname
What is the name of your State or Province?
  [Unknown]:  hostname
What is the two-letter country code for this unit?
  [Unknown]:  CA
Is CN=hostname, OU=hostname, O=hostname, L=hostname, ST=hostname, C=CA correct?
  [no]:  yes

Enter key password for <hostname>
        (RETURN if same as keystore password):
hostname[username:/this/is/a/path][641]%

由于我已将所有字段都设置为hostname,我可以假设我的主机名设置为hostname吗？

Answer 1

CN = hostname - 这是你在这里要求的第一个选项.令人困惑的是,keytool将其称为"名字和姓氏".

Answer 2

根据RFC 2818"HTTP over TLS"的第3.1节"服务器标识" ,客户端应该将服务器证书中主题DN(专有名称)的CN(公用名)部分与DNS中的DNS主机名进行比较. URL.

因此,使用公共名称(CN)作为主机名(keytool的第一个问题).