Once you have your CSR (and have your CSR's private key safely stored), you can purchase an SSL certificate from a CA.
Firstly, you must select a CA to purchase from. There are a number of CAs that sell SSL certificates, and for compatibility reasons, it is best to choose one of the more well-known providers. Some of the largest are listed here. Please note that prices vary considerably, so compare prices before purchasing.
Purchasing will involve uploading your CSR to the CA's website. The CA will then want to verify your organization's identity before issuing the certificate. In particular, they will need to verify that your organization is the legal owner of the domain being set as the Common Name. They may require certain documents to be sent to them as part of the verification process, or send an email to the registered owner of the domain (to confirm you have access to this email).