Help - How do I generate a private key and CSR using OpenSSL?

Firstly you will need to run the following command, preferably in secured directory no one else can access, however protecting your private keys is beyond the scope of this document. 

# openssl req -nodes -new -keyout private.key -out server.csr

Then the system will try to generate some very random numbers to get a secure key. 

Generating a 1024 bit RSA private key
...++++++
....++++++
writing new private key to 'private.key'

You will then be asked to enter information about your company into the certificate. Below is a valid example: 

Country Name (2 letter code) [AU]:AU
State or Province Name (full name) [NSW]:NSW
Locality Name (eg, city) [Sydney]:Sydney
Organization Name (eg, company) [XYZ Corp]:CAcert Inc.
Organizational Unit Name (eg, section) [Server Administration]:.
Common Name (eg, YOUR name) []:www.cacert.org
Email Address []:no-returns@cacert.org

Finally you will be asked information about 'extra' attribute, you simply hit enter to both these questions.

Next step is that you submit the contents of server.csr to the CAcert website, it should look *EXACTLY* like the following example otherwise the server may reject your request because it appears to be invalid. 

-----BEGIN CERTIFICATE REQUEST-----
MIIBezCB5QIBADA8MRcwFQYDVQQDEw53d3cuY2FjZXJ0Lm9yZzEhMB8GCSqGSIb3
DQEJARYSc3VwcG9ydEBjYWNlcnQub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
iQKBgQDQd1+ut4TJLWZf5A9r3D17Kob+CNwz/jfCOYrH0P6q1uw4jfSyrWUeSaVc
59Xjpov8gRctlAuWM9KavkLSF6vcNdDEbvUYnL/+ixdmVE9tlXuSFEGz0GAF5faf
QZe30wk+2hnC6P+rwclypOhkTXtWgvSHPZg9Cos8xqDyv589QwIDAQABoAAwDQYJ
KoZIhvcNAQEEBQADgYEAJruzBZr4inqaeidn1m2q47lXZUWjgsrp3k3bFJ/HCb3S
2SgVqHFrOisItrr7H0Dw2EcPhIrRokRdjIAwwlxG9v21eFaksZUiaP5Yrmf89Njk
HV+MZXxbC71NIKrnZsDhHibZslICh/XjdPP7zfKMlHuaaz1oVAmu9BlsS6ZXkVA=
-----END CERTIFICATE REQUEST-----

Once you've submitted it the system will process your request and send an email back to you containing your server certificate.