Certificate's CN field is not validated against DNS name, making it's possible to use valid certificate with wrong CN.
vulners.com/securityvulns/securityvulns:doc:18095