Keytool set hostname

CN=hostname: this is the first value keytool asks you for here. Confusingly, keytool labels it "first and last name".


It is also good to use a SAN (Subject Alternative Name): keytool ...... -ext "SAN=DNS:"

SAN=IP: is also possible. Those entries are checked in hostname verification too, and they make it possible to have one certificate for your server even if it has more than one DNS name.


According to section 3.1, "Server Identity", of RFC 2818 ("HTTP over TLS"), a client is supposed to compare the CN (Common Name) portion of the subject DN (Distinguished Name) in the server certificate to the DNS host name in the URL.

So use the Common Name (CN) for the hostname (the first question keytool asks).
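
The CN and SAN settings described above, put together as an added example (not part of the original page): the first name becomes the CN and every name goes into the SAN extension. The alias `server`, the `KS_PASS` environment variable, the keystore file name and the host names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: derive keytool's -dname and -ext values from a list of names.

# Print "SAN=DNS:...,IP:..." for the given host names and IP addresses.
san_ext() {
    [ "$#" -ge 1 ] || { echo "san_ext: need at least one name" >&2; return 1; }
    out=""
    for name in "$@"; do
        case "$name" in
            *:*)       kind=IP ;;    # contains a colon: IPv6 literal
            *[!0-9.]*) kind=DNS ;;   # anything besides digits and dots: DNS name
            *)         kind=IP ;;    # digits and dots only: IPv4 literal
        esac
        out="${out:+$out,}$kind:$name"
    done
    printf 'SAN=%s\n' "$out"
}

# Generate a key pair: CN = first name, SAN = all names.
# The keystore password is read from $KS_PASS so it stays off the command line.
gen_server_keystore() {
    keystore=$1; shift
    [ "$#" -ge 1 ] || { echo "usage: gen_server_keystore FILE NAME..." >&2; return 2; }
    keytool -genkeypair -alias server -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=$1" -ext "$(san_ext "$@")" \
        -keystore "$keystore" -storepass:env KS_PASS -keypass:env KS_PASS
}

# Print the SAN extension stored in the certificate, to confirm what was issued.
show_san() {
    keytool -list -v -alias server -keystore "$1" -storepass:env KS_PASS |
        grep -A 4 'SubjectAlternativeName'
}

# Usage (constructed names; requires a JDK on PATH):
#   export KS_PASS='change-me'
#   gen_server_keystore server.p12 www.example.com example.com 192.0.2.10
#   show_san server.p12
```

Listing the CN host name in the SAN as well, as this does, keeps the certificate valid for clients that only look at SAN entries.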