The JDK7 suggestion is a good one. In the meantime I was able to do it using the Bouncy Castle library. It was educational to do it programmatically instead of with keytool and getting the stores in jks format was straightforward.

JDK7 的建议是一个很好的建议。与此同时，我能够使用 Bouncy Castle 库来做到这一点。以编程方式而不是使用 keytool 来完成它具有教育意义，并且以 jks 格式获取存储很简单。

You can do this by adding the SAN function to the command when creating the CSR:

您可以通过在创建 CSR 时将 SAN 功能添加到命令中来执行此操作：

Create the Keystore:

创建密钥库：

keytool -genkey -alias SANTEST -keyalg RSA -keystore SANTEST.jks -keysize 2048

Issue the CSR:

发出 CSR：

keytool -certreq -alias SANtest01 -keystore SANTEST.jks -ext san=dns:san.yourdomain.com -keysize 204

http://download.java.net/jdk8/docs/technotes/tools/solaris/keytool.html

http://download.java.net/jdk8/docs/technotes/tools/solaris/keytool.html

You can do this only with the JDK7 or later version of keytool. OpenJDK 7has it.

您只能使用 JDK7 或更高版本的keytool. OpenJDK 7拥有它。

It sounds like getting the more recent keytool might be easiest, but you could also create the certificate with alternate name set using openssl and then import that into keytool.

听起来获取更新的 keytool 可能是最简单的，但您也可以使用 openssl 创建具有备用名称集的证书，然后将其导入 keytool。

You can use http://Ssltools.com/managerto create the San cert and export it and then import it into the keystore.

您可以使用http://Ssltools.com/manager创建 San 证书并将其导出，然后将其导入密钥库。

keytool -importkeystore -deststorepass changeit -destkeypass changeit -destkeystore my-keystore.jks -srckeystore cert-and-key.p12 -srcstoretype PKCS12 -srcstorepass cert-and-key-password -alias 1

keytool -importkeystore -deststorepass changeit -destkeypass changeit -destkeystore my-keystore.jks -srckeystore cert-and-key.p12 -srcstoretype PKCS12 -srcstorepass cert-and-key-password -alias 1