Generate an SSL Certificate for the VNA Host with SAN Names

Article ID: 369881

Products

DX NetOps

Issue/Introduction


We have a VNA Host and I see that the SSL Cert only has the FQDN for "DNS Name" in the SAN fields. What is the best way to update the cert with the DNS short name and host IP?

Environment

ANY

Resolution

A new SSL Cert / Keystore can be created to include the necessary SAN names and IPs.


 

  • Stop Wildfly

       systemctl stop wildfly

 

 

  • Rename the current keystore.jks file (we will generate a new one)

 

            mv /opt/CA/VNA/wildfly/standalone/configuration/keystore.jks  /opt/CA/VNA/wildfly/standalone/configuration/keystore.jks.old


   Note: If your VNA install is in a different path, please adjust the path.

 

  • Locate Java on your system and check which installation the system is pointing to

 

           sudo update-alternatives --config 'java'

 

  • Generate a new SSL certificate

 

          cd  <enter path to java bin folder>
          ./keytool -genkey -alias cavna -keyalg RSA -keysize 2048 -validity 730 -ext san=dns:<host name>.<Your domain>,dns:<host name>,ip:##.###.##.##.### -keystore /opt/CA/VNA/wildfly/standalone/configuration/keystore.jks -storepass changeit

 


Note: Replace <host name>.<Your domain>, <host name>, and ##.###.##.##.### with the VNA server's host names and IP address.
Note: keytool asks a series of questions. Answer the first and last name question with the FQDN, <host name>.<Your domain>.
              The name entered here must also be included in the SAN list.
     

  • Start Wildfly

       systemctl start wildfly
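
To confirm that the new keystore entry carries every name from the notes above, including the name given at the first and last name prompt, the following added example (not part of the original article) checks the SAN list in the text printed by `keytool -list -v`. The host name vna01.example.com, the address 192.0.2.10 and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: check the SAN list in the text printed by `keytool -list -v`.

# Constructed sample listing (hypothetical host vna01.example.com, 192.0.2.10).
SAMPLE_OK='Alias name: cavna
Owner: CN=vna01.example.com, OU=IT, O=Example, C=US
Extensions:

#1: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: vna01.example.com
  DNSName: vna01
  IPAddress: 192.0.2.10
]'
# Same certificate with only the FQDN in the SAN, as in the issue described above.
SAMPLE_FQDN_ONLY=$(printf '%s\n' "$SAMPLE_OK" | grep -v -e 'DNSName: vna01$' -e 'IPAddress:')

# Print SAN entries as "DNSName:<value>" / "IPAddress:<value>", one per line.
san_entries() {
    awk '/SubjectAlternativeName \[/ { in_san = 1; next }
         in_san && /^\]/ { in_san = 0 }
         in_san && /^[ \t]*(DNSName|IPAddress):/ { gsub(/[ \t]/, ""); print }'
}

# Print the CN from the first "Owner:" line (the first and last name answer).
owner_cn() {
    sed -n 's/^Owner: CN=\([^,]*\).*/\1/p' | head -n 1
}

# Usage: check_san "<keytool -list -v output>" EXPECTED_ENTRY...
# Reports each expected entry (and the CN) absent from the SAN; returns 1 if any.
check_san() {
    listing=$1; shift
    found=$(printf '%s\n' "$listing" | san_entries)
    cn=$(printf '%s\n' "$listing" | owner_cn)
    rc=0
    for want in "DNSName:$cn" "$@"; do
        if ! printf '%s\n' "$found" | grep -qxF -- "$want"; then
            echo "missing from SAN: $want"
            rc=1
        fi
    done
    return $rc
}

# Demo on the constructed FQDN-only listing; against a real keystore pass
# "$(keytool -list -v -alias cavna -keystore <path>/keystore.jks)" instead.
check_san "$SAMPLE_FQDN_ONLY" DNSName:vna01 IPAddress:192.0.2.10 || true
```
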