Generate private key with a bit lenght of 2048. 2048 bits is minimum for this time of writing.
openssl genrsa -out <Filename of private key.key> 2048
Generate CSR (Customer Signing request) using private key.
openssl req -new -key <Filename of private key.key> -out <Filename of CSR.csr>
Fill out questions when asked. CN is very important. Provide CSR to CA for signing.
openssl req -noout -text -in <Filename of CSR.csr>
openssl x509 -in <certificate filename.crt> -noout -text
openssl x509 -in <certificate filename.der> -inform der -text
openssl s_client -showcerts -connect <host to check>:443