1. Select Certificate Request from the Create menu:
2. Enter the subject name for the certificate:
3. Select the key usage for this certificate:
4. Enter the certificate request file, private key file and password:
Create Certificate Request processing steps
1. Create private and public key (save private key PKCS#8 format)
2. Create X500 Name (X509 certificate subject)
3. Create certificate request
4. Set basic constraint and flag critical
5. Set key usage extension and flag critical
6. Set subject alternate name extension (email)
7. Set subject key id extension
8. Sign and save request (PKCS#10 format).
The request contains the subject's name and public key, and is signed with the subject's private key.
Note that the subject's private key is used only to produce a signature when the request is output, and is not actually stored with the request.
The file containing the certificate request (DER encoded) can be converted to PEM format and sent to a CA authority. The CA authority will use the certificate request to create a certificate signed with its public certificate.
Or you can create your own certificate. You do not need to convert the file for this stage.