Personally, I'd use phpseclib, a pure PHP CSR implementation. eg.
<?php
include('File/X509.php');
include('Crypt/RSA.php');
$key = new Crypt_RSA();
$key->loadKey($_POST['key']);
$x509 = new File_X509();
$x509->setPrivateKey($key);
$x509->setDN(array(
'countryName' => $_POST['c'],
'stateOrProvinceName' => '.',
'localityName' => $_POST['city'],
'organizationName' => '.',
'organizationalUnitName' => '.',
'commonName' => $_POST['cn'],
'emailAddress' => $_POST['email']
));
$csr = $x509->signCSR();
echo $x509->saveCSR($csr);
?>