Changes

Some CAs '''mistakenly''' believe that one primary DNS name should go into the Subject Common Name and all the others into the SAN.  According to the [https://www.cabforum.org/baseline-requirements-documents.html / CA/Browser Forum Baseline Requirements:]* BR #9.2.1 (section Section 7.1.4.2.1 in BR version 1.3), Subject Alternative Name Extensionstates:** Certificate Field: '''extensions:subjectAltName'''

** Contents: This extension MUST contain at least one entry. Each entry MUST be either a dNSName containing the Fully-Qualified Domain Name or an iPAddress containing the IP address of a server. The CA MUST confirm that the Applicant controls the Fully-Qualified Domain Name or IP address or has been granted the right to use it by the Domain Name Registrant or IP address assignee, as appropriate. Wildcard FQDNs are permitted.* BR #9.2.2 (section Section 7.1.4.2.2 in BR version 1states:** Certificate Field: '''subject:commonName''' (OID 2.5.4.3) , Subject Common Name Field** Required/Optional: Deprecated ('''Deprecated (Discouraged''', but not prohibited)'''** Contents: If present, this field '''MUST contain a single IP address or Fully-Qualified Domain Name that is one of the values contained in the Certificate’s subjectAltName extension ''' (see Section 9.2.1 - or section 7.1.4.2.1 in BR version 1.3).