Shammer's Philosophy

My private adversaria

Adding subjectAltName in openssl

I have been looking for a way to generate a CSR that includes subjectAltName. This is a supplemental article for "X509 certificate fields: Subject Alternative Name (subjectAlternativeName) - Shammerism".

  1. Enable (remove the comment character from) the line "req_extensions = v3_req".
  2. Enable the following configuration in openssl.cnf:

         [ v3_req ]
         subjectAltName=$ENV::SAN

  3. Set the SAN environment variable: export SAN=DNS:example.xyz,DNS:Test.example.xyz

Next, generate the CSR with the openssl req command. I have no idea about the details, but the SAN value should include "DNS:". A value that contains only the hostname is invalid. When the value is invalid, you will see the message "Error Loading request extension section v3_req".
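The whole procedure end to end, as an added example that is not part of the original post: it writes a minimal config with the two settings above, generates a CSR, reads the SAN back out of the request, and shows that a value without the "DNS:" prefix is rejected. The config file contents beyond the two settings, the CN, the file names and the temporary directory are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post). The file names, the CN and
# the temporary directory are constructed; the hostnames come from the post.

# Write a minimal request config with the settings from steps 1 and 2.
make_cnf() {            # $1 = working directory
  cat > "$1/openssl.cnf" <<'EOF'
[ req ]
distinguished_name = req_dn
req_extensions     = v3_req
prompt             = no

[ req_dn ]
CN = example.xyz

[ v3_req ]
subjectAltName = $ENV::SAN
EOF
}

# Generate a key and a CSR with SAN taken from the environment (step 3).
# Returns openssl's exit status; stderr is kept in err.log for inspection.
gen_csr() {             # $1 = SAN value, $2 = working directory
  SAN="$1" openssl req -new -newkey rsa:2048 -nodes \
    -config "$2/openssl.cnf" -keyout "$2/key.pem" -out "$2/req.csr" \
    2> "$2/err.log"
}

# Print the SAN line that actually ended up in the CSR.
csr_sans() {            # $1 = working directory
  openssl req -in "$1/req.csr" -noout -text |
    awk '/Subject Alternative Name/ { getline; sub(/^ +/, ""); print; exit }'
}

demo() {
  dir=$(mktemp -d) && make_cnf "$dir" || return 1
  if gen_csr "DNS:example.xyz,DNS:Test.example.xyz" "$dir"; then
    echo "CSR SAN: $(csr_sans "$dir")"
  fi
  # A bare hostname without the "DNS:" type prefix is rejected by openssl.
  if ! gen_csr "example.xyz" "$dir"; then
    echo "rejected: $(head -n 1 "$dir/err.log")"
  fi
  rm -rf "$dir"
}
demo
```

Reading the extension back from the CSR before sending it to a CA confirms that the names were actually included in the request.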