
I have an existing cert with 15 SubjectAlternativeName entries.

How can I use keytool to add several more SubjectAlternativeName entries to the keystore's certificate without invalidating it?

I'm wondering if there is a way to upgrade the keystore without a new request/csr.

Richard

2 Answers


You can't modify an already-issued certificate; EVER. That's the whole point of having it digitally signed by a Certification Authority in the first place.

You need to generate (or request) a new one if you need to change anything, including of course the SANs it includes.

Massimo
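What the answer above amounts to in practice, as an added example that is not part of either answer: keytool cannot edit the issued certificate, so the working procedure is to create a new CSR for the same key that lists every SAN wanted (the existing 15 plus the new ones), have the CA reissue, and then import the reissued certificate under the same alias. Keystore name, alias, password and file names below are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original posts. Replaces the certificate
# stored under an alias with a reissued one that carries more SANs.
# KEYSTORE, ALIAS, STOREPASS and the file names are assumed values.
set -eu

KEYSTORE=${KEYSTORE:-keystore.jks}
ALIAS=${ALIAS:-server}
STOREPASS=${STOREPASS:-changeit}

# Build keytool's -ext argument from a space-separated list of DNS names, e.g.
#   san_ext "a.example.com b.example.com"  ->  SAN=dns:a.example.com,dns:b.example.com
san_ext() {
    ext=""
    for name in $1; do
        ext="${ext}${ext:+,}dns:${name}"
    done
    printf 'SAN=%s' "$ext"
}

# Step 1: CSR for the key already in the keystore, carrying the full SAN list.
# The private key is untouched; only the certificate will be replaced.
make_csr() {
    keytool -certreq -keystore "$KEYSTORE" -alias "$ALIAS" \
        -storepass "$STOREPASS" -ext "$(san_ext "$1")" -file server.csr
}

# Step 2: once the CA has reissued, import the issuer chain first, then the new
# leaf under the SAME alias. keytool checks that the leaf's public key matches
# the stored private key and refuses the import if it was issued to another key.
import_reissued() {
    keytool -importcert -keystore "$KEYSTORE" -storepass "$STOREPASS" \
        -alias issuer-ca -file ca-chain.pem -trustcacerts -noprompt
    keytool -importcert -keystore "$KEYSTORE" -storepass "$STOREPASS" \
        -alias "$ALIAS" -file server-reissued.pem
}

# Step 3: confirm the stored certificate now lists all the names.
show_sans() {
    keytool -list -v -keystore "$KEYSTORE" -storepass "$STOREPASS" \
        -alias "$ALIAS" | grep -A 40 'SubjectAlternativeName'
}

# Typical run (uncomment once the files exist):
# make_csr "www.example.com api.example.com mail.example.com"
# ... submit server.csr to the CA, save the reply as server-reissued.pem ...
# import_reissued
# show_sans
```

Two caveats a practitioner will hit: many public CAs take the SAN list from their order form and ignore extensions in the CSR, so the names may have to be entered on the CA's side as well, and the leaf must be imported under the existing private-key alias (not a new one), otherwise it lands as a separate trusted-cert entry and the server keeps serving the old 15-name certificate.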

You will need to submit a new request to your issuer.

The certificate you already have will have to be replaced with the newly issued certificate. The SANs (and other certificate properties) are part of the specific certificate/key pair that was issued to you. (Some vendors call this process a reissue, as opposed to issuing a new certificate.)

If you could add SANs to an existing certificate yourself, there is nothing to stop you from putting whatever you want... You could have a cert for mydomain.com and add a SAN of www.google.com. Any of these types of changes must be performed by a Certificate Authority, and a new certificate issued with those changes. This is the whole chain of trust that makes the certificate issuing process work.

Dre
    As a passing note, the "key pair" is not issued to you by any reputable CA. You generate the keypair, and from that a CSR, which you submit to a CA for certification. – MadHatter Feb 02 '16 at 21:58