we can generate a certificate Signing Request (CSR) from Linux in following steps:

1, The first step is to generate a key
openssl genrsa -des3 -out server.key 2048

Generating RSA private key, 2048 bit long modulus
..........................++++++
.......++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:

You can now enter your passphrase. For best security, it should at least contain eight characters. The minimum length when specifying -des3 is four characters. It should include numbers and/or punctuation and not be a word in a dictionary. Also remember that your passphrase is case-sensitive.

Re-type the passphrase to verify. Once you have re-typed it correctly, the server key is generated and stored in the server.key file.

Now create the insecure key, the one without a passphrase, and shuffle the key names:

openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key

The insecure key is now named server.key, and you can use this file to generate the CSR without passphrase.

To create the CSR, run the following command at a terminal prompt:

openssl req -new -key server.key -out server.csr
2. Create a signed certificate
Self-signed in Linux:

To create the self-signed certificate, run the following command at a terminal prompt:

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

The above command will prompt you to enter the passphrase. Once you enter the correct passphrase, your certificate will be created and it will be stored in the server.crt file.

Create a certification in Windows CA:
Send the Certificate Request
  1. In your web browser address bar, type the IP address of the server where the Certification Authority is installed, followed by certsrv.
    For example: http://10.0.2.80/certsrv
  2. Click the Request a Certificate link.
  3. Click the Advanced certificate request link.
  4. Click Submit a certificate.
  5. Paste the contents of your CSR file into the Saved Request text box.
  6. From the Certificate Template drop-down list, select Subordinate Certification Authority.
  7. Click Submit.
Issue the Certificate
  1. Connect to the server where the Certification Authority is installed, if necessary.
  2. Select Start > Control Panel > Administrative Tools > Certification Authority.
  3. In the Certification Authority (Local) tree, select Your Domain Name > Pending Requests.
  4. Select the CSR in the right navigation pane.
  5. In the Action menu, select All Tasks > Issue.
  6. Close the Certification Authority window.
Download the Certificate
  1. In your web browser address bar, type the IP address of the server where the Certification Authority is installed, followed by certsrv.
  2. Click the View the status of a pending certificate request link.
  3. Select the certificate request with the time and date you submitted.
  4. To choose the PKCS10 or PKCS7 format, select Base 64 encoded.
  5. Click Download CA certificate to save the certificate.