It's the most important step in obtaining an SSL certificate.
The Certificate Signing Request (CSR) contains information about your organization and the domain you wish to secure. Unless you have direct access to your web server, the CSR is normally generated for you by your hosting provider. Some control panels will allow you to generate your own CSR if your hosting provider has enabled that feature for you.

Each and every CSR generated is UNIQUE.
The CSR you use must be generated for your domain on the server here your domain is hosted.

What's in a CSR?
Here's an example of the information required to generate your CSR.

Field Explanation Example Common Name The fully qualified domain name for your web server. This must be an exact match. If you intend to secure the URL https://www.geotrust.com, then your CSR's common name must be www.geotrust.com Organization The exact legal name of your organization. Do not abbreviate your organization name. GeoTrust Organization Unit Section of the organization Marketing City or Locality The city where your organization is legally located. Wellesley Hills State or Province The state or province where your organization is legally located. Can not be abbreviated. Massachusetts Country The two-letter ISO abbreviation for your country. US

More about your Common Name.
The Common Name (CN) should be whatever your site users will see in their browser when they navigate to a secure page. Here are some examples:

Common Name (CN) Examples:
www.mydomain.com
secure.mydomain.com
mail.mydomain.com
mydomain.com
checkout.mydomain.com
sales.mydomain.com

Should I use a www in my Common Name? This depends on what your site users will see in their browser address bar. If your users will see https://www.domain.com then you should use a www.domain.com in your CSR. The key is that what your users see and what you're trying to secure must match exactly.

Tip:  You cannot use any of the following characters in your CSR: < > ~ ! @ # $ % ^ * / \ ( ) ? & ,.
(note that you may use the * for wildcard orders)
Also, do not include http:// or https:// in your CSR.

What will my CSR look like?
The information you supply about your organization and domain is used by your web server to generate a unique certificate signing request for your domain. The final result is a cryptic block of code that will look something like this:

THIS IS A CSR SAMPLE ONLY

-----BEGIN CERTIFICATE REQUEST-----
MIIB5jCCAU8CAQAwgaUxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdHZW9yZ2lhMRAW
DgYDVQQHEwdEZWNhdHVyMRkwFwYDVQQKExBXYXZlUGF0aCBIb3N0aW5nMQ4wDAYD
VQQLEwVTYWxlczEgMB4GA1UEAxM8998yoi8ikjndhdmVwYXRoaG9zdGluZy5jb20xJTAj
BgkqhkiG9w0BCQEWFnNjb3R0LnJvZ2Vyc0BhdHRiaS5jb20wgZ8wDQYJKoZIhvcN
AQEBBQADgY0AMIGJlkjlkjlkjljlkjlkjkjMI7XNI+1Kq50n4gOiDIYanhtzwMFS8iq6VoRATs
nQuFoBK2FQ52qpBkDneHL02HdVk82vDVRjRaRcAM2DKZwCkLzbhhjO3rom76bYzl
vSxcCUKoCWKpvnpCDXssr6V5sa1B1APMhxU/WRml6Oa7ycTkAUMs3HBZla0NfDcD
AgMBAAGgADANBgkqhkilkjoijkLkf9kj$HiulkIKJjeijaoejljoj3v/Xsn04LCQn/oQjD/9ID8FuQA
kshzHERuBwRnPo5K8Yv1VVBp9+yPsE527F/K2blU85/TBhkMUDFNhNL3VQJJDOXI
7fQCnBVO+ClqVA==
-----END CERTIFICATE REQUEST-----

How do I generate my own CSR?
How you generate your CSR depends on the type of web server your domain is hosted on. CSR generation

What do I do once I have a CSR?
Keep it in a safe place until you're ready to purchase your Geotrust SSL certificate. The CSR will be needed during the purchase process. You'll be asked to copy-and-paste your CSR into a special CSR box.

What should I include when I paste my CSR?
Everything! Notice the beginning -----BEGIN CERTIFICATE REQUEST-----
and ending -----END CERTIFICATE REQUEST-----.
These must be included when you paste your CSR into the CSR box.