I have to do this every three years, and its always a pain to remember
sudo su cd /etc/ssl/mycerts/ openssl reg -new -newkey rsa:2048 -nodes -keyout serverdomain.key -out serverdomain.csr
Answer the questions. Most places don't care about the Organizational Unit. Leave the challenge password blank (press Enter).
Copy the output (including the BEGIN and END tags) to the form of the supplier.