From 72b2b716ff0feacda8693571a00232d18d2fd079 Mon Sep 17 00:00:00 2001
From: Dmitry Konstantinov <netudima@gmail.com>
Date: Tue, 9 Jun 2026 16:16:43 +0100
Subject: [PATCH] Regenerating Cassandra SSL test certificates with SANs and
 fixing TLS-related test failures

Patch by Dmitry Konstantinov; reviewed by Michael Semb Wever for CASSANDRA-21441
---
 tools/misc.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/tools/misc.py b/tools/misc.py
index 2f43d9dfca..b18c16b213 100644
--- a/tools/misc.py
+++ b/tools/misc.py
@@ -1,4 +1,5 @@
 import os
+import socket
 import subprocess
 import time
 import hashlib
@@ -66,9 +67,15 @@ def generate_ssl_stores(base_dir, passphrase='cassandra'):
         return
 
     logger.debug("generating keystore.jks in [{0}]".format(base_dir))
+    local_ip = socket.gethostbyname(socket.gethostname())
+    ips = ['127.0.0.{}'.format(i) for i in range(1, 17)]
+    if local_ip not in ips:
+        ips.append(local_ip)
+    san = 'dns:localhost,' + ','.join('ip:' + ip for ip in ips)
     subprocess.check_call(['keytool', '-genkeypair', '-alias', 'ccm_node', '-keyalg', 'RSA', '-validity', '365',
                            '-keystore', os.path.join(base_dir, 'keystore.jks'), '-storepass', passphrase,
-                           '-dname', 'cn=Cassandra Node,ou=CCMnode,o=DataStax,c=US', '-keypass', passphrase])
+                           '-dname', 'cn=Cassandra Node,ou=CCMnode,o=DataStax,c=US', '-keypass', passphrase,
+                           '-ext', 'SAN=' + san])
     logger.debug("exporting cert from keystore.jks in [{0}]".format(base_dir))
     subprocess.check_call(['keytool', '-export', '-rfc', '-alias', 'ccm_node',
                            '-keystore', os.path.join(base_dir, 'keystore.jks'),