Startssl - Create Your First Website Certificate

This StartSSL/Startcom tutorial series is deprecated. Please use this tutorial instead.

Previously, we registered with Startssl, and then validated our domains with them. Now we can finally start generating our signed keys for a single service. If you haven't performed the previous steps, you will not be able to proceed with this tutorial.

Steps

Go to StartSSL and click authenticate -> control panel if you aren't already there. Click on the Certificates Wizard tab, and choose "Web Server SSL/TLS Certificate" before pressing continue.

Generate a random password by opening VIM and asking a family member to try and exit out of it. Take the first 32 letters and numbers and paste them into the password fields. I then chose a 4096 bit keysize because why not? Ensure you also have the SHA2 algorithm selected and press continue.

Click OK on the popup that appers and states:
"This will create a private key for your certificate. If you...".

Wait approximately 30 seconds for the key to generate and appear on the next page. Copy and paste it into a text file and call it ssl.key for now before clicking "Continue".

Select the domain,from the dropdown, that you would like to add a certificate to. If this is the first time through this tutorial, then you will only have the one domain in there. Click "Continue."

Because we are only validated as "Class 1" at this stage, we can only register one domain per key. If you want to create a certificate that applies to multiple subdomains, you would need to upgrade your account to "Class 2" which costs 60 USD per 350 days, hence it is not covered in this blog.

You will be shown the following page. Click "Continue" and wait approximately 10 seconds.

Your PEM encoded certificate should now appear. Copy and paste the text into a file, and call it ssl.crt.

Conclusion

We've finally created our keys! Now all we need to do is configure Apache or Nginx to use these certificates.

Author

Programster

Stuart is a software developer with a passion for Linux and open source projects.

comments powered by Disqus