In the past, Code Signing requests automatically created a CSR/KEY pair inside your browser. Newer browsers don't support this feature anymore, unfortunately.
Fortunately there is an alternative and you can locally create a CSR/KEY pair and copy/paste the CSR when submitting your Code Signing request. After purchasing a code signing certificate and opening the configuration page, click "configure certificate" and when the request form is shown, simply chose "Manually Enter My CSR" and create the CSR on your computer locally, e.g. using java keystore tool:
keytool -genkey -alias server -keyalg RSA -keysize 4096 -keystore keystore.jks
Alternatively, you can use openssl:
openssl genrsa -out private-key.key 4096 openssl req -new -key private-key.key -out csr.txt
Please make sure the "COMMON NAME (CN)" is showing your correct Company Name (e.g. "Acme Ltd"), despite the other address data. For Indie Developers, please enter your first- and lastname instead.