This bug was initially created as a copy of Bug #1889437 I am copying this bug because: This is for RHEL7 tracking. Description of problem: Go 1.15 is more strict in the handling of x.509 certs, rejecting those with invalid CN values. The deprecated, legacy behavior of treating the CommonName field on X.509 certificates as a host name when no Subject Alternative Names are present is now disabled by default. It can be temporarily re-enabled by adding the value x509ignoreCN=0 to the GODEBUG environment variable. Version-Release number of selected component (if applicable): 1.15.x How reproducible: Always. Steps to Reproduce: 1. Have cert with CN and no SANs 2. Make https request to Go server 3. Cert is rejected and connection closed Actual results: Cert is rejected Expected results: Cert is accepted but with warning message. Additional info:
*** This bug has been marked as a duplicate of bug 1892726 ***