To generate a CSR with a new private key, run the following command:
openssl req -out CSR.csr -new -newkey rsa: 2048 -nodes -keyout privatekey.key
-out specifies file name and where the CSR is stored.
-new -newkey rsa: 2048 details around private key, rsa: 2048 describes the size (bit) of the private key. 2048 is the minimum.
-mark if you do not want the private key to be encrypted (3DES), remove the node you will need to create a password to decrypt the private key
-keyout filename and location of the private key
When you run the command, OpenSSL asks for the following:
Country Name: (2-letter ISO-3166-1 Country Code, eg NO for Norway)
State or Province: (County)
Organization: (Full legal organization name listed in Brønnøysund Registers.
Common Name: (FQDN / Domain)