申请SSL证书，首先要生成证书请求文件CSR，下面是在服务器上通过OpenSSL生成CSR和key私钥，在安装有openssl的服务器上输入如下命令 ，然后回车，这将生成key 和 CSR

openssl req -out server.csr -new -sha256 -newkey rsa:2048 -nodes -keyout server.key

以上是生成CSR和私钥的命令， 以下是整个生成过程供参考。

[root@lala ~]# openssl req -out server.csr -new -sha256 -newkey rsa:2048 -nodes -keyout server.key

Generating a 2048 bit RSA private key
.........................................................................+++
...................................................+++
writing new private key to 'www_cheapssl_cn.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN //国家 中国填写CN 
State or Province Name (full name) []: Guangdong //省 
Locality Name (eg, city) [Default City]: Guangzhou //市 
Organization Name (eg, company) [Default Company Ltd]:  中山市镭铭网络科技有限公司  //填写组织或企业名称 ，如果是个人可以填写网站域名或者个人姓名  
Organizational Unit Name (eg, section) []: IT //部门 
Common Name (eg, your name or your server's hostname) []: www.cheapssl.cn //这个最重要 填写要申请证书的域名 
Email Address []: info@cheapssl.cn //邮箱 可不填写

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: //不用填写 回车即可
An optional company name []: //不用填写 回车即可

完成后将生成两个文件 server.csr 和 server.key ，打开 server.csr ，复制里面所有代码，用于申请证书 ，保存好 server.key ，安装的时候要用到这个文件。

打开 server.csr ，打开这个文件 ，你会看到一段包含如下开头和结尾的代码

—–BEGIN CERTIFICATE REQUEST—–

.......

—–END CERTIFICATE REQUEST—–

请复制这段代码用于申请SSL证书

​打开 server.key ，打开这个文件 ，你会看到一段包含如下开头和结尾的代码

—–BEGIN RSA PRIVATE KEY—–

......

—–END RSA PRIVATE KEY—–