I tried Googling and haven't been able to find anything reliable that shows me how to generate the CSR. I have multiple domains, that I'd like added so I can't use the usual OpenSSL wizard:
*.domain1.com *.domain2.com How can I get this generated?
openssl req -new -newkey rsa:2048 -nodes -keyout private.key -out csr.pem \ -subj "/C=US/ST=California/L=San Francisco/O=Your Company/OU=Your Department/CN=example.com" \ -addext "subjectAltName=DNS:example.com,DNS:www.example.com" 
As per your requirements, you want to secure multiple domains and its unlimited numbers of sub-domains. You can do it with multi domain wildcard certificate. To generate CSR using OpenSSL wizard, you have to follow below steps.
Login into your server.
Create an OpenSSL configuration file named san.cnf using the following information.
[ req ] default_bits = 2048 distinguished_name = req_distinguished_name req_extensions = req_ext [ req_distinguished_name ] countryName = Country Name (2 letter code) stateOrProvinceName = State or Province Name (full name) localityName = Locality Name (eg, city) organizationName = Organization Name (eg, company) commonName = Common Name (e.g. server FQDN or YOUR name) [ req_ext ] subjectAltName = @alt_names [alt_names] DNS.1 = domain.com DNS.2 = *.domain2.com DNS.3 = *.domain3.com DNS.4 = *.domain4.com Note: Change or add additional DNS names as per your requirements.
Save the file and run the following OpenSSL command to create the Certificate Signing Request and a new Key file.
openssl req -out sslcert.csr -newkey rsa:2048 -nodes -keyout private.key -config san.cnf Now you have CSR file “domain.csr” and send it to your certification authority so they will issue a certificate with SAN.
*.example.org will not be valid for example.org. You would need to specify both.
openssl.cnforsan.cnf... see this very helpful answer: security.stackexchange.com/a/198409/208757