A CSR is a file containing your certificate application information, including your Public Key. Generate your CSR and then copy and paste the CSR file into the webform during enrollment process.
To generate a pair of private key and public Certificate Signing Request (CSR) for a domain, use the following command :
openssl req -new -nodes -keyout mydomain.key -out domain.csr
That creates two files. The file mydomain.key contains a private key; do not disclose this file to anyone. Carefully protect the private key.
In particular, be sure to backup the private key, as there is no means to recover it should it be lost. The private key is used as input in the command to generate a Certificate Signing Request (CSR).
You will now be asked for details to be entered into your CSR. What you are about to enter is what is called a Distinguished Name or DN. For some fields there will be a default value, if you enter '.', the field will be left blank.
----- Country Name (2 letter code) [AU]: GB State or Province Name (full name) [Some-State]: Yorks Locality Name (eg, city) ]: York Organization Name (eg, company) [Internet Widgits Pty Ltd]: MyCompany Ltd Organizational Unit Name (eg, section) ]: IT Common Name (eg, YOUR name) ]: domain.com Email Address ]: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password ]: An optional company name ]: -----
Use the name of your domain as a Common Name (CN).
Check the content of the certificate request file:
openssl req -noout -text -in domain.csr
Your CSR is now created. Open domain.csr in a text editor and copy and paste the contents into online enrollment form when requested.