You may encounter issues when you use default self-signed certificates. Follow these instructions to troubleshoot the issues.

Issue: 'net::ERR_CERT_COMMON_NAME_INVALID'

This error is displayed even though you import the the default self-signed certificate into "Certificates" of [Trusted Root Certification Authorities] of a Windows machine. Because, the Chrome 58 or higher and Edge browsers do not trust the TLS certificates if the Subject Alternative Name (SAN) is absent.

To troubleshoot this issue, you must regenerate the certificate with SAN and import into "Certificates" of [Trusted Root Certification Authorities] of a Windows machine:

1. Back up the following keystore.jks file.

   <AppD Home>\Platform\product\controller\appserver\jetty\etc\keystore.jks

2. Delete the s1as entry from keystore.jks .

   keytool -delete -alias s1as -keystore <AppD Home>\Platform\product\controller\appserver\jetty\etc\keystore.jks

3. Create a new key-pair and the s1as entry in keystore.jks , and add it to keystore.jks .

   keytool -genkeypair -alias s1as -keyalg RSA -keystore <AppD Home>\Platform\product\controller\appserver\jetty\etc\keystore.jks -keysize 2048 -validity 1825 -storepass changeit -keypass changeit -dname "CN=<hostname>" -ext "SAN=dns:<hostname>"

4. Export the certificate from keystore.jks .

   keytool -exportcert -alias s1as -keystore keystore.jks -file <AppD Home>\Platform\product\controller\appserver\jetty\etc\keystore_controller.crt -rfc -storepass changeit

5. Open the keystore_controller.crt Certificate Manager, select Certificates under Trusted Root Certification Authorities, and import

6. Restart the Controller.