A certificate request and key are required to obtain an ssl certificate and then install it on a www, mail or jabber server.
First you need to generate a key. All you need is to run a command in the console:
# openssl genrsa -aes256 -out privkey.key 2048
This will create a key that is password protected and encrypted with the AES-256 algorithm. If this is not required, remove the -aes256 flag.
The number 2048 is the key size in bits. Today, 2048 bits is the optimal key size.
After creating the key, you need to generate a certificate request (or, as some certificate authorities call the "certificate signing request").
The request file is sent to the certificate authority to receive a signed certificate.
You can also sign the certificate yourself if you have your own certificate authority or when creating a self-signed certificate.
The certificate request is generated by the command:
# openssl req -new -key privkey.key -out cert.csr
In the process several questions will be asked: country code, region, company name, domain name, owner's email.
Now the cert.csr file can be sent to a certification authority, where a series of inspections will take place, in accordance with its center policy, and, in most cases, will require payment. Then send you the finished certificate.
There are free certificate authorities, such as startssl.com.