7 Oct
2015
7 Oct
'15
10:41 a.m.
You really should have a SAN present. Some clients reject X.509 certificates that miss this. Google, for example, have plans to stop supporting CNs at all in very short order - they'll just ignore them completely, relying only on SANs. If there's no match against them, they will consider the certificate invalid. Cheers, Nick