creating_valid_startssl_certificates

This is an old revision of the document!


Creating Validated StartSSL Certificates

this is just a bunch of steps i can't seem to remember each time i need a new certificate.. so i write it down in here :)

first of all you need to create a user account at startssl.com and download and install the mime certificate from them that will authenticate you against their service.

now you need to run the validations vizard and validate your ownership of the domain you need a certificate for

to create an ssl certificate you need to first create a Certificate Signing Request on your server (it's running ubuntu in my case)

  1. create a key
    openssl genrsa -out server.key 2048

    this creates a key without a password which you most likely want to use if you need it for a webserver or such. it also means, that if your key is stolen anybody can run another service with the same key, so it is less secure..

  2. create the CSR
    openssl req -new -key server.key -out server.csr

now go to the startssl.com webpage and enter the certificates wizard. chose web server ssl / tls certificate and continue

on the next screen choose skip

now on your server get the csr file contents

cat server.csr

copy and paste this into the textarea on the startssl page and follow the wizard

when you receive the pem encoded certificate copy and paste it back to your server. in the terminal window wher you have your server shell enter

cat > server.crt

then paste the certificate and hit return and then ctrl+D

  • creating_valid_startssl_certificates.1325327755.txt.gz
  • Last modified: 31.12.2011 11:35
  • by Pascal Suter