A new valid certificate needs to be created to include the subjectAltName property, and should be added directly when creating an SSL self-signed certificate using openssl command, by specifying an -addext flag. For instance:

GENERAL: What should I do if I get an "x509: certificate relies on legacy Common Name field" error?

AuthorFullName__c
Elina Floim
articleNumber
000005188
ft:sourceType
Salesforce
FirstPublishedDate
2021-12-27T08:19:57Z
lastModifiedDate
2022-05-31
VersionNumber
5
-addext "subjectAltName = DNS:domain-name.com"

(available from OpenSSL 1.1.1. More on this can be found on this StackExchange thread)


As a workaround, the behavior in which the CommonName field is being treated can be temporarily re-enabled by adding the value x509ignoreCN=0 to the GODEBUG environment variable. For instance, by running the following command in the terminal:

echo 'GODEBUG=x509ignoreCN=0' > ~/.profile

The certificate file can be then inspected to confirm that it contains the Subject Alternative Name:

openssl x509 -in server.crt -noout -text

Which output should include an entry similar to this:

X509v3 Subject Alternative 
   Name: DNS:myserver.com

NOTE: Xray versions greater than 3.37 are bundled with an updated version of Go. Starting from Go version 1.18, the GODEBUG=x509ignoreCN=0 flag is deprecated, therefore, the certificates should be updated to overcome the error as the workaround will no longer be valid.