This is an old revision of the document!
Creating Validated StartSSL Certificates
this is just a bunch of steps i can't seem to remember each time i need a new certificate.. so i write it down in here :)
first of all you need to create a user account at startssl.com and download and install the mime certificate from them that will authenticate you against their service.
now you need to run the validations vizard and validate your ownership of the domain you need a certificate for
SSL Certificate
to create an ssl certificate you need to first create a Certificate Signing Request on your server (it's running ubuntu in my case)
- create a key
openssl genrsa -out server.key 2048
this creates a key without a password which you most likely want to use if you need it for a webserver or such. it also means, that if your key is stolen anybody can run another service with the same key, so it is less secure..
- create the CSR
openssl req -new -key server.key -out server.csr
now go to the startssl.com webpage and enter the certificates wizard. chose web server ssl / tls certificate and continue
on the next screen choose skip
now on your server get the csr file contents
cat server.csr
copy and paste this into the textarea on the startssl page and follow the wizard
when you receive the pem encoded certificate copy and paste it back to your server. in the terminal window wher you have your server shell enter
cat > server.crt
then paste the certificate and hit return and then ctrl+D