Even if you have:
in the certificate as alternative names, it won’t let you load that cert using the UI. If you load it in with keytool, it works fine, but the main page shows a complaint saying it’s not valid for ‘domain.com’, even though it clearly is.