According to RFC 5280, a certificate can have an empty subject field if it has a SubjectAlternativeNames extension. Currently jarsigner displays the subject when `-verbose -certs` is specified and it's empty in this case. We should considering showing an SAN there. Which one to choose if there are multiple is TBD. We might probably need a label to show the name is from SAN instead of subject.

So far I've seen such certs with SAN including either an emailAddress or a uriName.