Regular Certificate or wildcard
You can do it on any server with openssl installed with this command:
openssl req -sha256 -new -newkey rsa:4096 -nodes -keyout server.key -out server.csr
Your private key will be inside server.key and the csr to get get the certificate will be inside server.csr
*Hint: The common name must match your domain name like www.example.com. For wildcard certs, use *.example.com as cmmon name.
Certificate with multiple alternative names (SAN)
Create a file server.san
Example:
[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
req_extensions = req_ext
prompt = no
[ req_distinguished_name ]
countryName = BE
stateOrProvinceName = OVL
localityName = Gent
organizationName = Hosted Power
commonName = www.hosted-power.com
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.1 = www.hosted-power.com
DNS.2 = hosted-power.com
DNS.3 = hosted-power.be
DNS.4 = www.hosted-power.nl
DNS.5 = mail.hosted-power.com
Now generate the private key and csr:
openssl req -sha256 -new -newkey rsa:4096 -nodes -keyout server.key -out server.csr -config server.san