CN vs SAN

Last Modified: 2022/12/06

Common Name

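The Common Name (CN) is the host name that an SSL certificate protects. The certificate is considered valid only when the requested host name matches the certificate's host name. When a user browses an HTTPS page and the certificate's host name does not match the host name the user requested, the browser shows the user a warning.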

Subject Alternate Names

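SAN stands for Subject Alternate Names. SAN is an extension to the X.509 specification that allows multiple host names to be specified in a single certificate. When you visit the verytools.net website, click the padlock icon in the browser address bar to view the certificate information, which includes the SAN entries, as shown in the figure below: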

Originally, SSL certificates allowed only a single host name, set in the certificate subject as the Common Name (CN). This has since changed: a certificate is verified against the SAN first, and the check falls back to the CN only if no SAN is defined.

It is still common practice to define both CN and SAN when requesting a certificate. An important point is that CN and SAN are not complementary: any CN defined should also be included in the SAN list.
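The verification order and the CN-in-SAN rule described above, as an added example that is not part of the original page. It assumes certificates in the dictionary shape returned by Python's `ssl.SSLSocket.getpeercert()`; the helper names and sample certificates are constructed for illustration.

```python
# Added example: hostname checking in the order the text describes.
# Input dicts follow the shape of ssl.SSLSocket.getpeercert().

def _san_dns(cert):
    """DNS entries of the subjectAltName extension, lower-cased."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def _common_names(cert):
    """commonName values from the certificate subject, lower-cased."""
    return [v.lower() for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]

def _label_match(pattern, host):
    """Exact match, or a wildcard covering exactly the left-most label."""
    p = pattern.rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse over-broad patterns such as "*.com".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def candidate_names(cert):
    """SAN first; the CN is consulted only when no SAN DNS name exists."""
    san = _san_dns(cert)
    return ("SAN", san) if san else ("CN", _common_names(cert))

def hostname_matches(cert, host):
    _, names = candidate_names(cert)
    return any(_label_match(n, host) for n in names)

def cn_missing_from_san(cert):
    """CNs that a SAN-first verifier ignores because the SAN omits them."""
    san = _san_dns(cert)
    return [cn for cn in _common_names(cert) if san and cn not in san]

# Constructed sample certificates (not taken from any real site).
LEGACY = {"subject": ((("commonName", "legacy.example.com"),),)}
MODERN = {"subject": ((("commonName", "www.example.com"),),),
          "subjectAltName": (("DNS", "www.example.com"),
                             ("DNS", "*.api.example.com"))}
MISMATCH = {"subject": ((("commonName", "shop.example.com"),),),
            "subjectAltName": (("DNS", "www.example.com"),)}
```

`MISMATCH` shows why the CN must be repeated in the SAN: once a SAN is present, a request for `shop.example.com` fails even though that name is the certificate's CN.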
