When a CSR is created through the Server Certificates interface in the admin console, and the issuer information is updated the only information the CSR will contain is the CN.
Create new CSR in openfire server certificates page
Update issuer information
Verify that issuer information is in generated CSR
Openfire is currently placing the issuer information in the issuerDN and just the XMPP domain in the subjectDN and the subjectAltNames like in the following example:
critical(false) 22.214.171.124 value = DER Sequence
Tagged  IMPLICIT
I'm trying to figure out if our interpretation of the specs was correct and if most CAs will be happy with our CSR.