Hi Sam,
Check the registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\SAP\SecureLogin\profiles\<Profile Name>]. There you have your client policy configuration downloadedfrom your group policy.
What do you want to verify in your SSL server certificate? How did your SSL server certificate DName lookslike?
How is the CN part? Like CN=FQDN (Fully Qualified Dinstinguish Name)? If yes, you should let the sslHostCommonNameCheck checked. Did you have a Subject Alternative Name in your SSL server certificate? If not, uncheck this configuration in the Client Authentication profile and download your group policy again. Repeat the certificate enrollment again.
KR
Valerie