go-grpc TSL authentication solution transport: authentication handshake failed: x509 certificate relies on ... ...

一、问题描述：transport: authentication handshake failed: x509: certificate relies on legacy Common Name field, use SANs or temporarily enable
二、背景环境：我的环境windows go 1.17,linuxSolution to this problem also work.
三、首先需要 下载SSL

After you clicked on the link will see the above image shows the page,Download for the first time I saw a blog said literally click on a download,And then I didn't watch carefully,因为我的电脑是64位的,I just got aWin64的,Then the boy,Behind a total uninstall downloaded three times,不要下载forRAM的,Will not be allowed to install,（ARM64是ARM中64位体系结构,x64是x86系列中的64位体系.ARM属于精简指令集体系,汇编指令比较简单.x86Belong to the complex instruction set system,Assembly instruction more.Belong to two different system.看不懂没关系,As long as you know are two different system,That's not going to download, of course also use）不要下载Light的,Because you will find behind needopenssl.cnf文件.
1、According to your system directly to get the biggest one of the two.After the download is complete direct point openexe一直next安装好就可以了.
2、将openSSL的binThe path of the directory where the inpath环境变量中,然后重启电脑.
3、生成普通的key
openssl genrsa -des3 -out server.key 2048
（记住设置的密码,Command directly on the terminal execution is good,我直接在golandThe terminal execution）
4、生成ca的crt
openssl req -new -x509 -key server.key -out ca.crt -days 3650
Met just fill things directly enter
5、生成csr
openssl req -new -key server.key -out server.csr
6、更改openssl.cnf （Linux 是openssl.cfg）
1）A copy of your installationopenssl的bin目录里面的openssl.cnf File to the directory where you,我放在了keys文件夹下.
2）找到 [ CA_default ],打开 copy_extensions = copy （就是把前面的#去掉）
3）找到[ req ],打开 req_extensions = v3_req # The extensions to add to a certificate request
4）找到[ v3_req ],添加 subjectAltName = @alt_names
5）添加新的标签 [ alt_names ],和标签字段

DNS.1 = *.org.haha.com
DNS.2 = *.haha.com

7、生成证书私钥test.key
openssl genpkey -algorithm RSA -out test.key
8、通过私钥test.key生成证书请求文件test.csr（注意cfg和cnf）

openssl req -new -nodes -key test.key -out test.csr -days 3650 -subj "/C=cn/OU=myorg/O=mycomp/CN=myname" -config ./openssl.cnf -extensions v3_req

test.csrIs the above generated the certificate request file.ca.crt/server.key是CA证书文件和key,用来对test.csr进行签名认证.The two files in the first part.
9、生成SAN证书

openssl x509 -req -days 365 -in test.csr -out test.pem -CA ca.crt -CAkey server.key -CAcreateserial -extfile ./openssl.cnf -extensions v3_req

10、Then, can be used in GO 1.15 以上版本的GRPC通信了
The server load code

creds, err := credentials.NewServerTLSFromFile("test.pem", "test.key")

The client loading code

creds,err := credentials.NewClientTLSFromFile("test.pem","*.org.haha.com")

这个问题怎么说呢,试了很多的方法,Finally use this method to solve the record here.
感谢 thankyou~