Generating a CSR on an NGiNX Server
1. Log into your server via SSH, and then at the prompt enter the following command
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
where ‘server’ is the name of your server or hostname.
2. This will generate two files: your Private Key (KEY) and your Certificate Signing Request (CSR). These will both be needed: the KEY for the decryption of your SSL Certificate, and the CSR for requesting your certificate from your certificate vendor.
You will be prompted for a Common Name for the certificate, where you will enter the fully qualified domain name for the site you are securing.
The remainder of information pertains to your organization, beginning with geographic information and may or may not be pre-populated within your server.
Your KEY and CSR file will now be generated. Choose where to save them and then open with a text editor and copy/ paste all the data (including BEGIN and END tags) over to your certificate vendor to request the certificate.