Creating a self-signed certificate with Subject Alternative Name

Create a self-signed certificate with Subject Alternative Name (SAN) when you want to use an SSL certificate for multiple domains.

Create a file with the name domain.cnf and add the following configuration as per your requirement:
[req]

default_bits = 2048

prompt = no

default_md = sha256

x509_extensions = v3_req

distinguished_name = dn

[dn]

C = ES

ST = MyState

L = MyCity

O = MyOrg

emailAddress = email@mydomain.com (Any email address)

CN = sss-laptop136.aaspl-brd.com (CR FQDN Url Name)

[v3_req]

subjectAltName = @alt_names

[alt_names]

DNS.1 = sss-laptop136.aaspl-brd.com (CR FQDN Url Name)

DNS.2 = sss-laptop151.aaspl-brd.com (IQBOT URL FQDN Name)
Download the Openssl utility.

Create the certificate either on Microsoft Windows or on Linux:

Run the following command to create the certificate on Microsoft Windows:

openssl.exe req -new -x509 -newkey rsa:2048 -sha256 -nodes -keyout
"D:\ssc\ssc\key.key" -days 3560 -out "D:\ssc\ssc\cert.crt" -config
"D:\ssc\ssc\domain.cnf"

Run the following command to create the certificate on Linux:

openssl req -new -x509 -newkey rsa:2048 -sha256 -nodes -keyout /tmp/cert/key.key -days 3560
-out /tmp/cert/cert.crt -config /tmp/cert/domain.cnf

Create the .pfx file from cert and key file:
- Run the following command to create the .pfx file from the cert and key file on Microsoft Windows:
```
openssl.exe pkcs12 -export -out "D:\ssc\ssc\sss-aspl.pfx" -inkey "D:\ssc\ssc\key.key"
-in "D:\ssc\ssc\cert.crt"
```
- Run the following command to create the .pfx file from the cert and key file on Linux:
```
openssl.exe pkcs12 -export -out /tmp/cert/sss-aspl.pfx -inkey /tmp/cert/key.key -in
/tmp/cert/cert.crt"
```
Import the .pfx file in Microsoft IIS.
Use the same .pfx file with the installation of IQ Bot.
Run the following command to import the certificate in the Java keystore:
```
keytool.exe -import -alias dev -keystore "C:\Program Files
(x86)\Java\jre1.8.0_91\lib\security\cacerts" -file "D:\cert\xyz.com.crt"
```
Based on the type of operating system 32-bit / 64-bit, this C:\Program Files (x86)\Java\jre1.8.0_91\lib\security\cacerts directory can differ.

If the certificate is not imported in the Java keystore, then Control Room shows the following error message: Java security certificate path validator signature check failed.
Go to %installation_dir%\Configurations and run stopanduninstallallservices.bat as an administrator.
Go to %installation_dir%\Configurations and run installandstartervices.bat as an administrator.
Import the cert.crt file to the Trusted Root using the Microsoft Management Console (MMC).

Automation 360

Creating a self-signed certificate with Subject Alternative Name