
Activate PositiveSSL - Namecheap with AWS (EC2) host


I recently bought a domain on Namecheap with PositiveSSL. And I am hosting it on an EC2 server (from AWS). In order to activate the PositiveSSL security they order me to generate the CSR code. To do this I must use the "AWS Certificate Manager"?


Solution

  • A Certificate Signing Request (CSR) is a text file that is used to provide attributes about your desired certificate so that your certificate authority can generate and formally sign your certificate, making it "official" so that browsers will trust it.

    These can be generated with openssl req. A Google search of namecheap "openssl req" finds a document called Generating CSR on Apache + OpenSSL/ModSSL/Nginx + Heroku.

    The short answer there is this:

    $ openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
    

    This prompts you for information about your organization and server, generates a new 2048 bit secret key (server.key) and generates a certificate signing request (server.csr).

    Do not follow these instructions blindly without understanding what they actually do, because you will experience frustration later if you go through this process without taking notes and understanding why you are doing it.

    openssl req will ask you a series of questions so that it can create the CSR that your CA expects. If what you create is not exactly what they expect, it will be rejected. Some CAs are a bit flexible with some of these fields, automatically correcting the less important values if your answers are not 100% correct. Usually, the cheaper the certificate, the less strict the validation process. If you're buying a $300 certificate, you can generally expect more stringent validation.

    The two files created are server.key and server.csr. You can change these names when running the command, e.g. example.com.key and example.com.csr.

    Save these files and handle them with appropriate caution.

    The server.key file is the secret key that will pair with the certificate you receive from the certificate authority (CA). The word "secret" is important. Keep this file secret and secure. You will need this on your web server when you install the certificate, which won't work without it. Never share it. If it is ever compromised, then your certificate is compromised, and you must go back to the issuer, and have it revoked and reissued.

    The server.csr file is not secret or sensitive. This is the CSR you will send to the CA. Save it for later, because next year, you will want to have it so that you can use it to renew your certificate. If you lose it, you can regenerate it, but it's a minor hassle. If this file is compromised, it doesn't matter, because there is nothing sensitive in this file at all. It's only used for requesting the certificate. You will not need this file on your web server when you install the certificate.
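The command above is interactive. As an added example (not part of the answer above), the script below runs the same `openssl req` step non-interactively with `-subj`, locks down the key file, and then checks the two things that most often go wrong before a CSR is submitted: that the CSR's self-signature verifies and that the public key inside the CSR really belongs to the `server.key` you are going to install. The domain and subject fields are constructed placeholders; it assumes `openssl` is installed.

```shell
#!/bin/sh
# Added example, not from the original answer. Generates a key + CSR the
# way the answer describes, then verifies the CSR and the key/CSR pairing.
set -eu

DOMAIN="${1:-example.com}"          # constructed placeholder, use your own
WORKDIR="$(mktemp -d)"
KEY="$WORKDIR/$DOMAIN.key"          # secret: stays on the web server only
CSR="$WORKDIR/$DOMAIN.csr"          # not secret: this is what you send the CA

# Same as the answer's command, but -subj answers the prompts up front.
# CN must be the exact hostname the certificate will serve.
gen_csr() {
  openssl req -new -newkey rsa:2048 -nodes \
    -keyout "$KEY" -out "$CSR" \
    -subj "/C=US/ST=State/L=City/O=Example Org/CN=$DOMAIN" 2>/dev/null
  chmod 600 "$KEY"                  # owner-only, per "keep this file secret"
}

# 1) The CSR is self-signed with the key; -verify checks that signature.
# 2) The public key embedded in the CSR must match the private key file,
#    otherwise the certificate the CA issues will not work with this key.
verify_csr() {
  openssl req -in "$CSR" -noout -verify >/dev/null 2>&1 || return 1
  csr_pub="$(openssl req -in "$CSR" -noout -pubkey | openssl sha256)"
  key_pub="$(openssl pkey -in "$KEY" -pubout | openssl sha256)"
  [ "$csr_pub" = "$key_pub" ]
}

# Show the CN the CA will see, so a typo is caught before submission.
# Handles both the "CN = x" and "/CN=x" subject formats of OpenSSL.
csr_cn() {
  openssl req -in "$CSR" -noout -subject | sed -n 's/.*CN *= *//p'
}

# Stand-alone run: generate, verify, report.
gen_csr
if verify_csr; then
  echo "CSR OK for CN=$(csr_cn); key at $KEY (keep it secret), CSR at $CSR"
else
  echo "CSR failed verification or does not match $KEY" >&2
  exit 1
fi
```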