We just got done doing that on an ubuntu server.
I found the help by Greg Rowe very helpful.
I didn't follow his instructions exactly so I can't verify his commands.
I made a directory to work in, and from that directory;
I made a key with
openssl genrsa -rand /var/log/syslog -out ./svr.key 4096
I then put a copy of /etc/ssl/openssl.cnf in my working directory and called it ssl.cnf so I could edit and use it instead of changing the default.
I altered my ssl.cnf using Greg's instructions then I generated my csr with;
openssl req -new -key ./svr.key -out ./svr.csr -config ssl.cnf
You can look at the generated csr with;
openssl req -text -noout -in svr.csr