Certs presented over the network by Cassandra have CN=hostname, not CN=FQDN. I _think_ it should be enough to tell cassandra-ca-manager to switch to the FQDN.
```
restbase2008:/etc/cassandra-a$ openssl s_client -connect restbase2008-a.codfw.wmnet:7001
CONNECTED(00000003)
depth=1 CN = rootCa, OU = services, O = WMF, C = US
verify error:num=19:self signed certificate in certificate chain
---
Certificate chain
 0 s:/C=US/O=WMF/OU=services/CN=restbase2008-a
   i:/CN=rootCa/OU=services/O=WMF/C=US
 1 s:/CN=rootCa/OU=services/O=WMF/C=US
   i:/CN=rootCa/OU=services/O=WMF/C=US
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDAjCCAeoCCQCKluomP1N31jANBgkqhkiG9w0BAQUFADA/MQ8wDQYDVQQDDAZy
```
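An added example (not part of the original task, and not cassandra-ca-manager's own code) that checks which name a certificate's CN actually matches. It assumes the `openssl` CLI is installed, uses throwaway self-signed certs generated locally with the subject layout from the output above, and relies on OpenSSL falling back to the subject CN when a cert has no subjectAltName.

```shell
#!/bin/sh
# Constructed names: they mirror the host in the task, but every cert here is
# a throwaway self-signed one created locally, not one issued by the cluster CA.
SHORT=restbase2008-a
FQDN=restbase2008-a.codfw.wmnet

# make_cert <cn> <outfile>: write a self-signed cert whose subject CN is <cn>.
# The private key lands next to it as <outfile>.key and is never reused.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/C=US/O=WMF/OU=services/CN=$1" \
        -keyout "$2.key" -out "$2" 2>/dev/null
}

# cert_matches <certfile> <name>: succeed only if OpenSSL's hostname check
# accepts <name> for this cert. The mismatch message reads "does NOT match",
# so the grep below is true only for a real match.
cert_matches() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# report <certfile> <label>: print the subject and the result for both names.
report() {
    echo "== $2: $(openssl x509 -in "$1" -noout -subject)"
    for name in "$SHORT" "$FQDN"; do
        if cert_matches "$1" "$name"; then
            echo "   $name: match"
        else
            echo "   $name: NO match"
        fi
    done
}

demo() {
    dir=$(mktemp -d) || return 1
    make_cert "$SHORT" "$dir/short.pem"   # CN=hostname, as currently served
    make_cert "$FQDN"  "$dir/fqdn.pem"    # CN=FQDN, the proposed change
    report "$dir/short.pem" "CN=hostname"
    report "$dir/fqdn.pem"  "CN=FQDN"
    rm -rf "$dir"
}

demo
```

To run the same check against a live node, save the leaf certificate from the `s_client` output to a file and pass it to `cert_matches` together with the name clients connect to.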