You can generate a CSR request (.csr) and a private key (.key) using a single openssl command.
Note: Make sure you backup the private key. The private key is in pair with the CSR request, so if you lose it, you will not be able to install your SSL certificate on server. However, if you lose your private key, you can apply for a free replacement.
On a Linux or Mac machine, simply navigate to the directory where you want to generate the CSR and private key. On a Windows machine, open a command prompt and navigate to your openssl / bin directory.
openssl req -new -newkey rsa:2048 -nodes -keyout private.key -out request.csr
Fill out the fields as prompted but keep in mind that some language-specific characters (e.g. á, é, ø, ü, ç…) and the following characters are not accepted: * / \ ( ) ? @ # $ . , < > ~ ! & % ^
|Country Name||US||(2-letter, ISO 3166-1 standard code)|
|State or Province||New Hampshire||(full State name)|
|Locality||Portsmouth||(full City name)|
|Organization||Company name||(or your full name)|
|Organizational Unit||Security||(a department)|
|Common Name *||www.your-domain.com||(fully qualified domain name, or wildcard)|
* Common Name
Common Name is the domain name you want to secure.
To secure a single domain both with "www" and without "www", you must prepend "www" (e.g. www.alpirossl.com). If you do that, we will do a little magic with the certificate, so it will cover both www.alpirossl.com and also alpirossl.com. But, if you submit a CSR for a domain name without "www", the certificate will not secure the domain with "www". This option cannot be changed once you complete the certificate's activation.
To secure a sub-domain (3rd-level domain or higher, e.g. sub.alpirossl.com), then fill in the sub-domain as it is without "www". The free extension is not applicable to sub-domains.
To secure unlimited sub-domains (applicable only to wildcard SSL certificates), prepend a wildcard character to the domain name (e.g. *.alpirossl.com). The wildcard character must be the first character.