Creating the Certificate Signing Request file in Apache mod-SSL :

The utility "OpenSSL" is used to generate both Private Key (key) and Certificate Signing request (CSR). OpenSSL is usually installed under
/usr/local/ssl/bin.
If you have a custom install, you will need to adjust these instructions appropriately.

To generate a pair of private key and public Certificate Signing Request (CSR) for a webserver, "myserver", use the following command :

openssl req -new -nodes -keyout myserver.key -out myserver.csr

This creates two files (you will be asked a few questions, see below). The file myserver.key contains a private key; do not disclose this file to anyone. Carefully protect the private key.

In particular, be sure to backup the private key, as there is no means to recover it, if it would ever get lost. The private key is used as input in the command to generate a Certificate Signing Request (CSR).

You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank.
For some fields there will be a default value,
If you enter '.', the field will be left blank.

Country Name (2 letter code) [AU]:be
State or Province Name (full name) [Some-State]:Brussel
Locality Name (eg, city) []:Brussel
Organization Name (eg, company) [Internet Widgits Pty Ltd]:MyCompany
Organizational Unit Name (eg, section) []:System Administration
Common Name (eg, YOUR name) []:myserver.mydomain.be
Email Address []:

Please enter the following 'extra' attributes to be sent with your certificate request

A challenge password []:
An optional company name []:

Use the name of the webserver as Common Name (CN). If the domain name is "mydomain.be" append the domain to the hostname (use the fully qualified hostname).

The fields "email address", "optional company name" and "challenge password" can be left blank for a webserver certificate.