If one needs to use certreq to obtain a certificate, but the certificate signing request does not explicitly ask for it, here’s the command to get it anyway:

certreq -f -q -submit -attrib “CertificateTemplate:WebServer\nSAN:dns=<hostname>&dns=<hostname>.mydomain.com&ipaddress=<IP Address>” -config “<Config Name>” <Certificate Request File>.csr <Certificate File>.cer

The key part is in the attrib string following the new line “\n” bit where SAN: is then defined.  In this example, three are defined: the hostname, fully qualified domain name and the IP address.