The steps provided in the D360 Analyze online documentation to enable HTTPS on the D360 server are incomplete.
The keytool -genkey command results in the creation of a common name (CN) referencing the DNS name of the server in the eventual self-signed certificate.
However, this means that the Chrome browser will warn against the server as not secure, as it expects the server DNS to appear in the SAN field (alternative name) instead of CN.
I don't know if the keytool's interactive mode allows for the SAN input.
So I had to modify the command line as follows to get rid of that warning in Chrome:
keytool -genkey -alias tomcat -keyalg RSA -keypass changeit -storepass changeit -keystore keystore.jks -dname "CN=myhost.com,OU=Dev,O=MyCorp,L=Windermere,S=Cumbria,C=GB" -ext san=dns:myhost.com,ip:22.214.171.124
Perhaps the documentation can be updated appropriately?
Please sign in to leave a comment.