diff --git a/cert-manager.py b/cert-manager.py
index d51978c..27b4273 100755
--- a/cert-manager.py
+++ b/cert-manager.py
@@ -173,6 +173,11 @@ def main():
 print(f"✓ Detected: {system_info['name']}")
 common_name = prompt_with_default("Common Name (FQDN)", config['last_common_name'])
+
+ # Ask for additional DNS names
+ print("\nAdditional DNS names (optional, comma-separated):")
+ print(" Example: firewall.domain.com,vpn.domain.com")
+ additional_dns = input("Additional DNS names [none]: ").strip()
 if not common_name:
 print("Error: Common name is required!")
@@ -197,6 +202,8 @@ def main():
 print(f"System Type: {system_info['name']}")
 print(f"Target Host: {target_host}")
 print(f"Common Name: {common_name}")
+ if additional_dns:
+ print(f"Additional DNS: {additional_dns}")
 print(f"Country: {country}")
 print(f"State: {state}")
 print(f"Locality: {locality}")
@@ -232,7 +239,8 @@ def main():
 locality,
 organization,
 org_unit,
- key_bits
+ key_bits,
+ additional_dns
 ]
 try:
diff --git a/generate-csr.sh b/generate-csr.sh
index 1482d3f..3d7d9bd 100755
--- a/generate-csr.sh
+++ b/generate-csr.sh
@@ -1,14 +1,14 @@
 #!/bin/bash
 # Script to generate a certificate request on a remote host
-# Usage: ./generate-csr.sh [country] [state] [locality] [org] [ou] [key-bits]
+# Usage: ./generate-csr.sh [country] [state] [locality] [org] [ou] [key-bits] [additional-dns]
 set -e
 # Check arguments
 if [ $# -lt 2 ]; then
- echo "Usage: $0 [country] [state] [locality] [org] [ou] [key-bits]"
+ echo "Usage: $0 [country] [state] [locality] [org] [ou] [key-bits] [additional-dns]"
 echo ""
- echo "Example: $0 192.168.1.100 myserver.domain.com DE berlin berlin egonetix it 4096"
+ echo "Example: $0 192.168.1.100 myserver.domain.com DE berlin berlin egonetix it 4096 'firewall.domain.com,vpn.domain.com'"
 exit 1
 fi
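Review bot: In cert-manager.py the value read by `additional_dns = input("Additional DNS names [none]: ").strip()` (first hunk) is never validated before the third hunk appends it to the argument list for generate-csr.sh, where each entry becomes a subjectAltName line. SAN entries determine which hostnames the issued certificate will be accepted for, so a typo or a stray character here ends up in the signing request. I would split on commas, strip each name and re-prompt unless every one passes a hostname check such as `re.fullmatch(r"(\*\.)?([A-Za-z0-9-]{1,63}\.)+[A-Za-z0-9-]{1,63}", name)`; this assumes `re` is, or can be, imported at the top of the file, which is not visible here. main() starts and ends outside these hunks, so how the argument list is executed cannot be checked from the diff.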
@@ -20,6 +20,7 @@ LOCALITY="${5:-berlin}"
 ORG="${6:-egonetix}"
 OU="${7:-it}"
 KEY_BITS="${8:-4096}"
+ADDITIONAL_DNS="${9:-}"
 # Extract short hostname from common name
 SHORT_NAME=$(echo "$COMMON_NAME" | cut -d'.' -f1)
@@ -49,6 +50,9 @@ echo "Locality: $LOCALITY"
 echo "Organization: $ORG"
 echo "Org Unit: $OU"
 echo "Key Length: $KEY_BITS bits"
+if [ -n "$ADDITIONAL_DNS" ]; then
+ echo "Additional DNS: $ADDITIONAL_DNS"
+fi
 echo "Output file: $OUTPUT_FILE"
 echo "=========================================="
 echo ""
@@ -66,6 +70,20 @@ DNS.$DNS_COUNTER = ${SHORT_NAME}.${COMMON_NAME#*.}"
 ((DNS_COUNTER++))
 fi
+# Add additional DNS names if provided
+if [ -n "$ADDITIONAL_DNS" ]; then
+ IFS=',' read -ra EXTRA_DNS <<< "$ADDITIONAL_DNS"
+ for dns in "${EXTRA_DNS[@]}"; do
+ # Trim whitespace
+ dns=$(echo "$dns" | xargs)
+ if [ -n "$dns" ]; then
+ SAN_DNS="$SAN_DNS
+DNS.$DNS_COUNTER = $dns"
+ ((DNS_COUNTER++))
+ fi
+ done
+fi
+
 # Add IP address if detected
 SAN_IP=""
 if [ -n "$TARGET_IP" ]; then
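Review bot: The trim step `dns=$(echo "$dns" | xargs)` in the last generate-csr.sh hunk is fragile, and the entry is then written unchecked into `DNS.$DNS_COUNTER = $dns`. xargs parses quotes and backslashes, so an entry containing a quote character makes it exit non-zero and `set -e` aborts the whole run on xargs's error, and `echo` treats a value like `-n` as an option. Because the script can also be run directly, the ninth argument may contain newlines or other non-hostname characters, which would presumably reach the request configuration that SAN_DNS is written into outside this hunk. Trimming with parameter expansion and rejecting anything that is not a hostname, as below, covers both; the surrounding `if`/`for` structure is unchanged.

```shell
    for dns in "${EXTRA_DNS[@]}"; do
        # Trim surrounding whitespace with parameter expansion (no xargs quote parsing)
        dns="${dns#"${dns%%[![:space:]]*}"}"
        dns="${dns%"${dns##*[![:space:]]}"}"
        # Reject anything that is not a plain (optionally wildcard) hostname
        if [ -n "$dns" ] && ! [[ "$dns" =~ ^(\*\.)?([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+$ ]]; then
            echo "Error: invalid additional DNS name: $dns" >&2
            exit 1
        fi
        # … unchanged: append the DNS.$DNS_COUNTER entry when $dns is non-empty …
    done
```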