Changes

Some CAs '''mistakenly ''' believe that one primary DNS name should go into the Subject Common Name and all the others into the SAN. That  According to the [https://www.cabforum.org/documents.html CA/Browser Forum Baseline Requirements:]* BR #9.2.1, Subject Alternative Name Extension** Required/Optional: '''s wrongRequired'''** Contents: This extension MUST contain at least one entry. ALL should go into Each entry MUST be either a dNSName containing the Fully-Qualified Domain Name or an iPAddress containing the IP address of a server.* BR #9.2.2, Subject Common Name Field** Required/Optional: '''Deprecated (Discouraged, but not prohibited)'''** Contents: If present, this field MUST contain a single IP address or Fully-Qualified Domain Name that is one of the values contained in the SANCertificate’s subjectAltName extension (see Section 9.2.1).