Tried searching for my answers but can't seem to find one or my search strings were all wrong (not native English). If answered before just point me in the right direction.

I want to install Zimbra (open source edition) in such a way that a user can login on their own domain url and do it in a secure way.

So as an example.

Zimbra is installed on firstone.com and I als host mail for secondone.com and thirdone.com. I want the users to be able to logon to webmail.firstone.com webmail.secondone.com and webmail.thirdone.com and mail with their domain.

All of the above is not a problem for me. The thing is with the certificates. For what do I create a csr if I want the url to read https://webmail.secondone.com ?

Looking at the csr create wizzard you need to put a domain at the CN entry and at the SAN entry. Do I put webmail.secondone.com at both entries or secondone.com at the CN and webmail.secondone.com at the SAN entry?

Please advice.