Hi,
I want to generate a SSL certificate with SANs. When I try “keytool -certreq -alias tomcat -file C:\csr.txt -keystore C:\ssl.key -ext SAN=test.testdomain.com” I get an error saying ‘illegal operation: -ext’.
Thanks
Try putting the -ext argument before the C:\ssl.key filepath - the argument parsing likely doesn’t expect arguments after the output file.
Tried it. I get the same error. I could not find -ext in help as well. Is this something related to Java version?
You say you want to generate a new certificate but it looks like you’re running a command to generate a CSR…
Sorry, I meant CSR not CRT.
The SAN needs to be part of the certificate before you generate a CSR for it.
Try generating a new certificate, using -ext SAN=... to put your desired hostname into it, then generate a CSR without that sub-command.