Istio 1.6.5: Chiron generated cert doesn't include the custom dnsNames as SAN

Trying to enable mTLS and following the certificate generation as in here:

but the generated secret/certificate doesn’t have the X509v3 Subject Alternative Name: field at all.
Also, the generated secret has JSON with field names ‘cert-chain.pem’ and ‘key.pem’ for the certificate and key respectively, but the ingress gateway is expecting the field names to be ‘tls.crt’ and ‘tls.key’ and is throwing an error when reading it:

warn secretfetcher failed load server cert/key pair from secret : server cert or private key is empty

Any help on these issues is much appreciated. Many thanks.

cc @Oliver for certificate-related issues.