Before ordering an SSL certificate, you need to generate a CSR.

openssl genrsa -out domain.com.key 2048

openssl req -new -sha256 -key domain.com.key -out ~/domain.com.ssl/domain.com.com.csr

by one command:

openssl req -new -newkey rsa:2048 -nodes -keyout NAME.key -out NAME.csr

Common Name The fully qualified domain name for your web server. This must be an exact match. If you intend to secure the URL https://www.yourdomain.com, then your CSR’s common name must be www.yourdomain.com. If you plan to get a wildcard certificate, make sure to prefix your domain name with an asterisk, for example: *.domain.com.
Organization Name The exact legal name of your organization. Do not abbreviate your organization name. domain.com
Organizational Unit Section of the organization. IT
City or Locality The city where your organization is legally located. Wellesley Hills
State or Province The state or province where your organization is legally located. Do not use an abbreviation. Massachusetts
Country The two-letter ISO abbreviation for your country. US

www.domain.com

openssl req -in mycsr.csr -noout -text - show request

To generate a DKIM key with openssl, do the following – this will generate you a 1024 bit DKIM key:

openssl genrsa -out private.key 1024
openssl rsa -in private.key -pubout -out public.key

Your generated public key will remind something like below:

—–BEGIN PUBLIC KEY—–
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYFnr/FncHM2LkH7CgK4/9FWdp
b+XHMaQ11vOfbD9hmhZgYtNOu8cQhECD0j8MpSwPELll3zz+jxEaAJnej5RJpqcW
v4N1TbZ/kRItE1jQ8HiLhlQcVibuetcXiYD0sRccbAwNgQ9XVTf0FhH3Ek7ABkz8
PCZaebWvFsNlqNWqxwIDAQAB
—–END PUBLIC KEY—–