If you order i.e a wildcart certificate you dont want to generate the keys on a webserver because you cant just export them without special tools.
Instead you can use openssl to make the CSR.
1. First we create a keypair and the request. The configuration file we use is the one that comes along with openssl.
OpenSSL> req -sha1 -new -newkey rsa:2048 -keyout keyfile.key -out request.csr -config “C:\Program Files\GnuWin32\share\openssl.cnf”
2. Send the request.csr to the CA.
3. When you get the signed certificate from CA, use this to make a p12
OpenSSL> pkcs12 -export -inkey keyfile.key -in certfromca.crt -out certificate.p12 -name mynewcert