You need to provide localhost as a subject alternative name when creating your certificate. You can do that by provide the following additional parameter: -ext "SAN:c=DNS:localhost,IP:127.0.0.1"
So something like this:
keytool -genkeypair -keyalg RSA -keysize 2048 -alias stackoverflow \
-dname "CN=stackoverflow,OU=Hakan,O=Hakan,C=NL" \
-ext "SAN:c=DNS:localhost,IP:127.0.0.1" -validity 3650 \
-storepass <password> -keypass <password> \
-keystore identity.jks -deststoretype pkcs12
Some explanation:
The SAN field will be used to match the hostname, which will be provided in the request. So when you are running your application on localhost, lets say https://localhost:443, and you also want to make a request to that specific host, then that hostname should also be available within the SAN field; otherwise, it will fail during the handshake process.
Let’s grab Stackoverflow as an example. To be able to reach stackoverflow over https we would expect that the certificate should contain at least an entry of stackoverflow.com
Below is the certificate SAN value of stackoverflow with the specific DNS highlighted for this example:
As you can see already it contains also other DNS values. In this way websites owners can use the same certificate for multiple websites/subdomains etc.