I am using the JDK 7 keytool to generate a keypair. I need to add multiple X509 Subject Alternative Names (SANs) to the key. My command line includes multiple -ext san=DNS:xxxx entries and is accepted in line with the documentation that states"This option can appear multiple times."
However, only the last -ext entry appears to be recognized and built into the keypair. How can I successfully generate a keypair with multiple SANs and have them all incorporated?
Problem solved.... I determined that rather than using multiple -ext options, I needed to place the multiples on a single -ext option spearated by commas. Both syntaxes are accepted by the tool, but only the single option will allow multiple DNS SANs to be accepted.