1. Install OpenSSL
2. Create a RSA key for your Apache server:
cd /apacheserverroot/conf/ssl.key (ssl.key is the default key directory.)
NOTE: If you have a different path, cd to your server’s private key directory...
3. Type the following command to generate a private key that is file encrypted. You will be prompted for the password to access the file and also when starting your web server.
Warning: If you lose or forget the pass phrase, you must purchase another certificate.
#openssl genrsa -des3 -out domainname.key 2048
You could also create a private key without file encryption if you do not want to enter the pass phrase when starting your web server:
#openssl genrsa -out domainname.key 2048
Note: We recommend that you name the private key using the domain name that you are purchasing the certificate for ie domainname.key
4. Type the following command to create a CSR with the RSA private key (output will be PEM format):
#openssl req -new -key domainname.key -out domainname.csr
* Note: You will be prompted for your PEM pass phrase if you included the "-des3" switch in step 3.
5. When creating a CSR you must follow these conventions. Enter the information to be displayed in the certificate. The following characters can not be accepted: < > ~ ! @ # $ % ^ * / \ ( ) ?.,&
Common Name : The fully qualified domain name for your web server. This must be an exact match.
Organization : The exact legal name of your organization. Do not abbreviate your organization name.
Organization Unit : Section of the organization
City or Locality : The city where your organization is legally located.
State or Province : The state or province where your organization is legally located. Can not be abbreviated.
Country : The two-letter ISO abbreviation for your country.
6. Do not enter extra attributes at the prompt. Warning: Leave the challenge password blank (press enter) Note: If you would like to verify the contents of the CSR, use the following command:
#openssl req -noout -text -in domainname.csr
7. Submit the CSR during a enrollment by opening the CSR in a text editor such as Notepad or Vi and copying and pasting the text into the Enter CSR box.
8. We recommend that you create a backup of your private key
To do this make a copy of the private key file (domainname.key) generated in step 3 and store it in a safe place. If you lose this file, you must purchase a new certificate.
* The private key file should begin with (when using a text editor)
-----BEGIN RSA PRIVATE KEY
----- and end with -
----END RSA PRIVATE KEY-----.
To view the contents of the private key, use the following command:
openssl rsa -noout -text -in domainname.key
from : https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=SO13985