We will use openssl to make a certificate request and key.
Openssl always makes keys initially encrypted, so we'll have to then decrypt the key:
So to make a request for myservice/myhost.fnal.gov, you would:
openssl req -new -newkey rsa:2048 -passout pass:some-password -out request.pem \ -subj "/DC=com/DC=DigiCert-Grid/O=DigiCert Grid/OU=Services/CN=myservice\\/myhost.fnal.gov"
Then to decrypt the key file:
openssl rsa -in privkey.pem -out request.key -passin pass:some-password
Then make sure your key and your request file match:
openssl req -modulus -in request.pem -noout openssl rsa -modulus -in request.key -noout
The outputs should be the same.
Now you should save this request.key file, and use the request.pem file text to paste
into the web request form.