For example, according to RFC 6125, hostname verification should be done against the certificate’s subjectAlternativeName’s dNSName field and not the CN (https://tools.ietf.org/html/rfc6125#section-1.5). it is possible to add the proper extensions using the OpenSSL commands and configuration.
Additionally, we should show the proper OpenSSL commands for making a certificate request and sign it using a CA or an intermediate authority instead of a self-sign certificate which is not a common practice for enterprise deployments.