??? You can do that when using the same server CN. On clients configure to trust your CA and the one CN of server. Multiple server CNs is what the original requester wanted to avoid - and wildcard CN entries can be problematic alan