In order to get an SSL certificate and key (for use by an httpd server, for example), you must first create a Certificate Signing Request (CSR). Here is a typical OpenSSL command and the resulting interactive session:

        > openssl req -new -newkey rsa:2048 -keyout NAMEOFHOST.pem -nodes -out NAMEOFHOST.csr

If you already have an existing key and you simply need to generate a new csr you can use the following command:

        > openssl req -new -key FILENAME -out NAMEOFSERVER.csr

You will then be asked to provide a few bits of information. The values you will have to enter are in bold below:

        You are about to be asked to enter information that will be incorporated 
        into your certificate request.
        What you are about to enter is what is called a Distinguished Name or a DN.
        There are quite a few fields but you can leave some blank
        For some fields there will be a default value,
        If you enter ".", the field will be left blank.
        -----
        Country Name (2 letter code) [AU]:US
        State or Province Name (full name) [Some-State]:Nebraska
        Locality Name (eg, city) []:Omaha
        Organization Name (eg, company) [Internet Widgets Pty Ltd]:Creighton University
        Organizational Unit Name (eg, section) []:Your Department Name eg: DoIT
        Common Name (eg, YOUR name) []: server name eg: people.creighton.edu
        Email Address []:
       
        Please enter the following "extra" attributes
        to be sent with your certificate request
        A challenge password []:
        An optional company name []:

You can then view the contents of NAMEOFHOST.csr using a standard text editor. You will need to copy and paste everything including the -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST----- into the request form for a new certificate.