生成私钥：

$openssl genrsa -out san.key 2048 && chmod 0600 san.key

创建一个配置文件。
适当更改alt_names。

$cat << EOL > san.conf
[ req ]
default_bits

= 2048
default_keyfile    = san.key #name of the keyfile
distinguished_name = req_distinguished_name
req_extensions     = req_ext
[ req_distinguished_name ]
countryName

= Country Name (2 letter code)
countryName_default

= GB
stateOrProvinceName

= State or Province Name (full name)
stateOrProvinceName_default = West Midlands
localityName

= Locality Name (eg, city)
localityName_default

= Birmingham
organizationName

= Organization Name (eg, company)
organizationName_default    = Example
commonName

= Common Name (e.g. server FQDN or YOUR name)
commonName_max

= 64
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.1   = www.example.com
DNS.2   = www.example.net
DNS.3   = www.example.org
EOL

生成CSR：

$openssl req -new -nodes -sha256 -config san.conf -out san.csr

确认：

$openssl req -in san.csr -noout -text