create SAN CSR with openssl

Generate some new private rsa key:
# openssl genrsa -out key 4096

Populate a custom conf-file for using:
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req

[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = DE
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Baden-Wuerttemberg
localityName = Locality Name (eg, city)
localityName_default = Goeppingen
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default =
commonName = domain.org
commonName_max = 64

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = domain.org
DNS.2 = autodiscover.domain.org
DNS.3 = exchange.domain.org
DNS.4 = fancy-other-name.domain.org

Check the output
# openssl req -text -noout -in san_domain_com.csr

Generate the CSR for your favorite CA:
# openssl req -sha256 -new -out san_domain_com.csr -key key -config openssl.conf