Have you found much trouble with clients that can't cope without CN? Is this one of those situations where anything that can't cope is also hopeless for other reasons (e.g. can't speak TLS 1.2, doesn't understand IPv6, that sort of thing) and so you can tell people you're not their biggest problem?
I'm aware that PKIX deprecated use of CN for this purpose at the turn of the century, but when browsers began ignoring CN about a decade ago (which is the first half of the adoption curve), I know Google had to ship an enterprise override for people whose corporate systems could not cope. If it's true that all or almost all systems now work properly, that's great news.