generating csr is easy and well documented:
openssl genrsa 2048 > your_domain_com.key # common name should be equal to the domain name openssl req -new -key your_domain_com.key > your_domain_com.csr
but even comodo’s own help website is not up-to-date and provides bundle-creation that refers to files that are no longer sent to the clients. internet is full of examples that sort of work but fail some of online ssl certificate validators.
something that worked for me – in zip-file containing signed cert you’ll find:
AddTrustExternalCARoot.crt COMODORSAAddTrustCA.crt COMODORSADomainValidationSecureServerCA.crt your_domain_com.crt
to create a bundle run:
cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt
and in apache’s config add
SSLCertificateKeyFile /etc/apache2/ssl/your_domain_com.key SSLCertificateFile /etc/apache2/ssl/your_domain_com.crt SSLCertificateChainFile /etc/apache2/ssl/ssl-bundle.crt
for nginx:
cat my_domain_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt