Add to openssl.cnf
[ CA_default ]
x509_extensions = usr_cert # The extentions to add to the cert
x509_extensions = v3_req
req_extensions = v3_req
#Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
#Some CAs do not yet support subjectAltName in CSRs.
#Instead the additional names are form entries on web
#pages where one requests the certificate...
subjectAltName = @alt_names
DNS.1 = ssl.website.com
DNS.2 = ssl.website2.com
DNS.3 = webmail.website.com