Previously, we registered with Startssl, and then validated our domains with them. Now we can finally start generating our signed keys for a single service. If you haven't performed the previous steps, you will not be able to proceed with this tutorial.
Go to StartSSL and click authenticate -> control panel if you aren't already there. Click on the Certificates Wizard tab, and choose "Web Server SSL/TLS Certificate" before pressing continue.
Generate a random password by opening VIM and asking a family member to try and exit out of it. Take the first 32 letters and numbers and paste them into the password fields. I then chose a 4096 bit keysize because why not? Ensure you also have the SHA2 algorithm selected and press continue.
Click OK on the popup that appers and states:
"This will create a private key for your certificate. If you...".
Wait approximately 30 seconds for the key to generate and appear on the next page. Copy and paste it into a text file and call it
ssl.key for now before clicking "Continue".
Select the domain,from the dropdown, that you would like to add a certificate to. If this is the first time through this tutorial, then you will only have the one domain in there. Click "Continue."
Because we are only validated as "Class 1" at this stage, we can only register one domain per key. If you want to create a certificate that applies to multiple subdomains, you would need to upgrade your account to "Class 2" which costs 60 USD per 350 days, hence it is not covered in this blog.
You will be shown the following page. Click "Continue" and wait approximately 10 seconds.
Your PEM encoded certificate should now appear. Copy and paste the text into a file, and call it
We've finally created our keys! Now all we need to do is configure Apache or Nginx to use these certificates.