- Change Request
- Resolution: Unresolved
- Minor
- None
- 3.0.0
As mentioned initially in (58) in ZBXNEXT-1263, there is a trend to move away from "commonName" (see http://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl/27931596#27931596 and http://unmitigatedrisk.com/?p=381) in favor of "subjectAltName". The current implementation only checks "commonName" (in "Subject" only!) and ignores "subjectAltName". This means that if a Web server certificate omits "commonName" and uses "subjectAltName", this certificate cannot be reused for Zabbix if a user wants to verify the hostname.
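The requested behaviour can be sketched as follows. This is an added example, not Zabbix code: it follows the RFC 6125 rule that "subjectAltName" dNSName entries are checked first and "commonName" is used only when the certificate carries none. The `cert_names` struct and the function names are hypothetical stand-ins for the fields a TLS library would extract from the certificate.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for the name fields extracted from a certificate. */
struct cert_names {
    const char *common_name;      /* Subject commonName, or NULL if absent */
    const char *const *san_dns;   /* subjectAltName dNSName entries */
    size_t san_dns_count;
};

/* Case-insensitive string equality (DNS names are case-insensitive). */
static int eq_nocase(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;
}

/* A wildcard is accepted only as the whole left-most label ("*.example.com"). */
static int name_matches(const char *pattern, const char *host)
{
    if (strncmp(pattern, "*.", 2) == 0) {
        const char *dot = strchr(host, '.');
        /* "*" covers exactly one non-empty label; reject "*.tld" patterns */
        if (dot == NULL || dot == host || strchr(pattern + 2, '.') == NULL)
            return 0;
        return eq_nocase(pattern + 1, dot);
    }
    return eq_nocase(pattern, host);
}

/* Returns 1 if the certificate names cover host, 0 otherwise. */
int cert_matches_host(const struct cert_names *c, const char *host)
{
    size_t i;

    if (c->san_dns_count > 0) {
        /* dNSName entries present: they are authoritative, commonName is ignored */
        for (i = 0; i < c->san_dns_count; i++)
            if (name_matches(c->san_dns[i], host))
                return 1;
        return 0;
    }
    /* Legacy fallback for certificates without any dNSName entry */
    return c->common_name != NULL && name_matches(c->common_name, host);
}
```

A certificate with no "commonName" and a matching dNSName is accepted here, which is the case the current commonName-only check rejects.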