IDP: 3rd Party
SP: PAM 3.1.1
Browser: Chrome, IE11
This certificate error message is misleading. It gives impression that the CN value of the certificate was invalid.
The CN value did not include any invalid characters. It had hyphen in the name but that is legal character.
This certificate in question passes all 3 criteria.
1. Does the CN(or SAN) value match the FQHN/DNS of the server? Yes
2. Is the Certificate Trusted? Yes
3. Is the Certificate Valid? Yes
From research this error can occur when Self-Signed Certificate is used.
Deployed on PAM a new certificate that was issued by a Certificate Authority.
This is not specific to PAM, when IE meets a self-signed certificate, you may encounter this error.