Generating a Certificate Signing Request
To purchase an SSL certificate from a CA, you need first to generate what is called a CSR, or Certificate Signing Request. This is submitted to the CA of your choice, and is used to create the official SSL certificate that will be returned to you, and with which you may secure your Web server.
The CSR request is straightforward; it's effected on the command line with OpenSSL as follows:
/usr/local/ssl/install/bin/openssl req -new -key domainname.com.key -out domainname.com.csr
This command creates the .csr file that is sent or uploaded to a CA during the process of ordering an SSL certificate.