> I then pasted the contents of ‘csr’ into the page and get “This CSR > has an invalid signature!”
It's worth playing with openssl to check the output from auth/rsa2csr. The diagnostics are bound to be a bit less vague. Trying your instructions, the PEM encoded csr includes the seemingly unwanted word "SIGNING" in the headers. When I remove it (and a space) openssl req reports a valid certificate request. Lucio.