- generate an RSA key
openssl genrsa -out domain_name.key 2048
- generate a certificate signing request (CSR) using the private key
openssl req -new -sha256 -key domain_name.key -out domain_name.csr
- verify that public key in the certificate matches the private key