Implementing SSL encryption for SQL Server in a DNS forwarding environment (CNAMEs)

If applications connect to SQL Server through CNAMEs or aliases and an SSL certificate is enabled, they may face connectivity issues such as the following:

[System.Data.SqlClient.SqlException]         
{"A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: SSL Provider, error: 0 - The certificate's CN name does not match the passed value.)"}        

https://blogs.msdn.microsoft.com/sqlserverfaq/2011/08/08/implementing-ssl-encryption-for-sql-server-in-a-dns-forwarding-environment/

In such a scenario, the certificate should include the Subject Alternative Name (SAN) field, and that field should contain the actual name or FQDN of the SQL Server as well as all the aliases.
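A check along these lines can be run before a certificate is deployed. It is an added example, not code from the original post, and it reports which connection names a certificate would fail to cover. All host names are hypothetical, the certificate dicts are constructed in the shape returned by Python's `ssl.SSLSocket.getpeercert()`, and the matching assumes RFC 6125-style rules, which a given SQL client driver may not follow exactly.

```python
# Constructed samples in the dict shape returned by ssl.SSLSocket.getpeercert().
# All host names are hypothetical.
CERT_CN_ONLY = {"subject": ((("commonName", "sqlprod01.corp.example.com"),),)}
CERT_WITH_SAN = {
    "subject": ((("commonName", "sqlprod01.corp.example.com"),),),
    "subjectAltName": (
        ("DNS", "sqlprod01.corp.example.com"),
        ("DNS", "sqlprod01"),
        ("DNS", "sales-db.corp.example.com"),
        ("DNS", "*.reports.example.com"),
    ),
}
# Names applications put in their connection strings (hypothetical).
CLIENT_NAMES = ["sqlprod01.corp.example.com", "sqlprod01",
                "sales-db.corp.example.com", "q1.reports.example.com",
                "hr-db.corp.example.com"]


def presented_names(cert):
    """DNS names a client matches against: SAN entries, else the subject CN."""
    san = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if san:
        return san  # assumption: RFC 6125 rule, CN ignored when DNS SANs exist
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def name_matches(pattern, host):
    """Case-insensitive match; '*' may stand only for the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return bool(h[0]) and p[1:] == h[1:]
    return p == h


def uncovered_names(cert, client_names):
    """Return the connection names the certificate does not cover."""
    names = presented_names(cert)
    return [c for c in client_names if not any(name_matches(n, c) for n in names)]


if __name__ == "__main__":
    print("CN only :", uncovered_names(CERT_CN_ONLY, CLIENT_NAMES))
    print("with SAN:", uncovered_names(CERT_WITH_SAN, CLIENT_NAMES))
```

Any name left in the returned list is one that clients would hit the pre-login handshake error on, so it needs to be added to the SAN before the certificate is issued.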