Now adding localhost as a Subject alternative name to the certificate, so it also support localhost (as a multi-domain certificate).

Author: jonashackt

README.md

@@ -52,7 +52,7 @@ openssl genrsa -des3 -out aliceprivate.key 128
 #### 2. Certificate Signing Request (CSR): alice.csr
 
 ```
-openssl req -new -key aliceprivate.key -out alice.csr
+openssl req -new -key aliceprivate.key -out alice.csr -config alice-csr.conf
 ```
 
 __Common Name__: `server-alice`, which will later be a DNS alias inside the Docker network 
@@ -61,7 +61,7 @@ __Common Name__: `server-alice`, which will later be a DNS alias inside the Dock
 #### 3. self-signed Certificate: alice.crt
 
 ```
-openssl x509 -req -days 3650 -in alice.csr -signkey aliceprivate.key -out alice.crt
+openssl x509 -req -days 3650 -in alice.csr -signkey aliceprivate.key -out alice.crt -extfile alice-csr.conf -extensions v3_req
 ```
 
 
@@ -174,3 +174,16 @@ The result should look like this:
 ![client-keystore](https://github.com/jonashackt/spring-boot-rest-clientcertificates-docker-compose/blob/master/client-keystore.png)
 
 
+
+
+# Links
+
+https://stackoverflow.com/questions/25869428/classpath-resource-not-found-when-running-as-jar
+
+https://www.thomas-krenn.com/de/wiki/Openssl_Multi-Domain_CSR_erstellen
+
+https://stackoverflow.com/questions/30977264/subject-alternative-name-not-present-in-certificate
+
+https://stackoverflow.com/questions/21488845/how-can-i-generate-a-self-signed-certificate-with-subjectaltname-using-openssl
+
+https://serverfault.com/questions/779475/openssl-add-subject-alternate-name-san-when-signing-with-ca

server-alice/src/main/resources/alice-csr.conf

@@ -0,0 +1,20 @@
+[req]
+distinguished_name = req_distinguished_name
+req_extensions = v3_req
+prompt = no
+
+[req_distinguished_name]
+C = DE
+ST = Thuringia
+L = Erfurt
+O = Alice Corp
+OU = Team Foo
+CN = server-alice
+
+[v3_req]
+keyUsage = keyEncipherment, dataEncipherment
+extendedKeyUsage = serverAuth
+subjectAltName = @alt_names
+[alt_names]
+DNS.1 = server-alice
+DNS.2 = localhost

server-alice/src/main/resources/alice-keystore.p12

@@ -1,16 +1,17 @@
 -----BEGIN CERTIFICATE-----
-MIICczCCAdwCCQCa8HHKqch/djANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJE
-RTESMBAGA1UECAwJVGh1cmluZ2lhMQ8wDQYDVQQHDAZFcmZ1cnQxEzARBgNVBAoM
-CkFsaWNlIENvcnAxFTATBgNVBAMMDHNlcnZlci1hbGljZTEeMBwGCSqGSIb3DQEJ
-ARYPYWxpY2VAZW1haWwuY29tMB4XDTE3MTIxMjEwNTgxOVoXDTI3MTIxMDEwNTgx
-OVowfjELMAkGA1UEBhMCREUxEjAQBgNVBAgMCVRodXJpbmdpYTEPMA0GA1UEBwwG
-RXJmdXJ0MRMwEQYDVQQKDApBbGljZSBDb3JwMRUwEwYDVQQDDAxzZXJ2ZXItYWxp
-Y2UxHjAcBgkqhkiG9w0BCQEWD2FsaWNlQGVtYWlsLmNvbTCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEA7WKw0oR+WPiHfwUSm7OLyMKbdc1c08x47mrtJagHKhOm
-mTCLlZOZ6L1XzidgnF8dvG+7mODnoUjMDWAAmR65WLOV3KM5sZAnPmIK9/KzvO83
-7tixEbrueQAC5IOYmdo9oc9rr5VziWzAa3xUtloEl2Jme1hdsq1AUtX35u0Ap3EC
-AwEAATANBgkqhkiG9w0BAQUFAAOBgQAXcHl0813Ub++RByhpbaWQwk6lv5kWGt0X
-8X2oWKt/zAtw3mA9nkY5ad+usMfq858iZcq8Y7IVhdm1rSVfcma9OO9UkSHRGaMB
-1wrk8tBXFfRdKZxlUvoPQI1egbFnEKflKMYpPvXyNAxDXGVEe/58Q005eJdgz1Hc
-FEpcLWIG7g==
+MIICqDCCAhGgAwIBAgIJAJfsRKTuMVkVMA0GCSqGSIb3DQEBBQUAMHExCzAJBgNV
+BAYTAkRFMRIwEAYDVQQIDAlUaHVyaW5naWExDzANBgNVBAcMBkVyZnVydDETMBEG
+A1UECgwKQWxpY2UgQ29ycDERMA8GA1UECwwIVGVhbSBGb28xFTATBgNVBAMMDHNl
+cnZlci1hbGljZTAeFw0xNzEyMTIxODEwMDhaFw0yNzEyMTAxODEwMDhaMHExCzAJ
+BgNVBAYTAkRFMRIwEAYDVQQIDAlUaHVyaW5naWExDzANBgNVBAcMBkVyZnVydDET
+MBEGA1UECgwKQWxpY2UgQ29ycDERMA8GA1UECwwIVGVhbSBGb28xFTATBgNVBAMM
+DHNlcnZlci1hbGljZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA7WKw0oR+
+WPiHfwUSm7OLyMKbdc1c08x47mrtJagHKhOmmTCLlZOZ6L1XzidgnF8dvG+7mODn
+oUjMDWAAmR65WLOV3KM5sZAnPmIK9/KzvO837tixEbrueQAC5IOYmdo9oc9rr5Vz
+iWzAa3xUtloEl2Jme1hdsq1AUtX35u0Ap3ECAwEAAaNIMEYwCwYDVR0PBAQDAgQw
+MBMGA1UdJQQMMAoGCCsGAQUFBwMBMCIGA1UdEQQbMBmCDHNlcnZlci1hbGljZYIJ
+bG9jYWxob3N0MA0GCSqGSIb3DQEBBQUAA4GBALyWWCPUJAwapV4g3qJ0PwATEkkd
+gC/nzm3J8KSsBBVAnzAn/IrWV1O3f+FDaxOMUyOXbYDql96okpKeohXjT/8Q1V+F
+iWWsBDvVS5q8OPlx0fdfk8bnEqUUa7T17WQLnfTl42f38pp/9p0sdIB3MVp2tRJZ
+p27l9wAt3E2dJDr1
 -----END CERTIFICATE-----

server-alice/src/main/resources/alice-truststore.jks

@@ -1,12 +1,13 @@
 -----BEGIN CERTIFICATE REQUEST-----
-MIIBvjCCAScCAQAwfjELMAkGA1UEBhMCREUxEjAQBgNVBAgMCVRodXJpbmdpYTEP
-MA0GA1UEBwwGRXJmdXJ0MRMwEQYDVQQKDApBbGljZSBDb3JwMRUwEwYDVQQDDAxz
-ZXJ2ZXItYWxpY2UxHjAcBgkqhkiG9w0BCQEWD2FsaWNlQGVtYWlsLmNvbTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA7WKw0oR+WPiHfwUSm7OLyMKbdc1c08x4
-7mrtJagHKhOmmTCLlZOZ6L1XzidgnF8dvG+7mODnoUjMDWAAmR65WLOV3KM5sZAn
-PmIK9/KzvO837tixEbrueQAC5IOYmdo9oc9rr5VziWzAa3xUtloEl2Jme1hdsq1A
-UtX35u0Ap3ECAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4GBAJ1TJMMROF2qWIAosSQW
-76meIBZwwKYm28otKkMYjQM/ElzD7XtISKUk/aOg/2TGAs5mJCMGjZJDoT66/Oos
-id/8ngjduApNmT33n9J9fMm2FHhqhbL30a2QYzaJa1jTPDklhF0pnpT0X/v5Lney
-C5m6MN54CW7bI+fTYto0V4BT
+MIICCDCCAXECAQAwcTELMAkGA1UEBhMCREUxEjAQBgNVBAgMCVRodXJpbmdpYTEP
+MA0GA1UEBwwGRXJmdXJ0MRMwEQYDVQQKDApBbGljZSBDb3JwMREwDwYDVQQLDAhU
+ZWFtIEZvbzEVMBMGA1UEAwwMc2VydmVyLWFsaWNlMIGfMA0GCSqGSIb3DQEBAQUA
+A4GNADCBiQKBgQDtYrDShH5Y+Id/BRKbs4vIwpt1zVzTzHjuau0lqAcqE6aZMIuV
+k5novVfOJ2CcXx28b7uY4OehSMwNYACZHrlYs5XcozmxkCc+Ygr38rO87zfu2LER
+uu55AALkg5iZ2j2hz2uvlXOJbMBrfFS2WgSXYmZ7WF2yrUBS1ffm7QCncQIDAQAB
+oFcwVQYJKoZIhvcNAQkOMUgwRjALBgNVHQ8EBAMCBDAwEwYDVR0lBAwwCgYIKwYB
+BQUHAwEwIgYDVR0RBBswGYIMc2VydmVyLWFsaWNlgglsb2NhbGhvc3QwDQYJKoZI
+hvcNAQELBQADgYEAb4ZuIj5jgAtryg2CQ1A6jAvkq96WolStj+iW7SvekgKZRNEJ
+CjvYrXD+0ysGu2VKCksCAAFNy/gQUWCBCvRZJ8VYD/m8ydFcsLDpZ/IfZ7OS5hy2
+A8KKmmcrDSTZHMCdt+7rmr+bVpjiy7iVakXxiwo/YoERTPtQcfXEliiHgIM=
 -----END CERTIFICATE REQUEST-----

server-alice/src/main/resources/alice.crt

@@ -25,7 +25,6 @@ public class RestClientCertTest {
 	@Autowired
     private RestTemplate restTemplate;
 
-	@Ignore("currently not running, because the certificate isn´t issued for 'localhost'")
 	@Test
 	public void is_hello_resource_callable_with_client_cert() {
 		String response = restTemplate.getForObject("https://localhost:" + port + "/hello", String.class);