Hi All
So we are moving away to sign our own tomcat boxes that run windows behind a loadbalaner rather than linux so sorting out the new internal certs to take over from when the SSL terminates at the balancer.
As it seems the resulting jks file is just copied over to other servers after following this article.. https://learn.jamf.com/bundle/technical-articles/page/Enabling_SSL_on_Tomcat_with_a_Public_Certifica...
I have only ever done signing for IIS and winboxes, there seems to be no way in specifying the multi SAN, ie the servers themselves as well as the main URL that i specify, is this not needed for tomcat certs i always assumed you needed to list the local servers, or because we have a external cert terminating at the loadbalancer with the same domain url do we just need the URL domain only on the local cert to continue the 'journey'
sorry for the word 'soup'
