Certs invalid on Chrome 58 due to CN Deprecation
TL;DR: Chrome 58 only looks at the SAN in a cert for validating hostnames and not the CN. Please add a SAN for the hostname when generating the cert.
In 2000, RFC 2818 (https://tools.ietf.org/html/rfc2818) "deprecated" checking CN in favor of using SAN. 17 years later, browsers are actually doing so, with Chrome 58 and Firefox 48: https://www.chromestatus.com/features/4981025180483584 (Apparently this has been supported by both the RFC mentioned and the CAB Forum guidelines.)
Thanks for this report. We’ve reproduced this problem and will work on a fix soon.