How to get a free SSL certificate from StartSSL

You can get a free SSL certificate, which is SHA256 signed, from StartSSL in a few easy steps.

At first sign up at StartSSL, and fill out their web form. You will receive an email with an authentication code at your specified email address. Next you copy and paste this code into the text field.
Then you have to generate a private key to login/authenticate on their website, choose 2048 bit here, and be patient, it takes a few seconds.
Remember to backup this private key!

In the control panel open the Validations Wizard. There choose the Domain Name Validation and enter your TLD, e.g., and then verify the domain ownership by selecting an email address of your TLD.

Then choose under the tab Certificate Wizard the Web Server SSL/TLS Certificate and continue. Here you are asked again to generate a private key, click on skip.
Private keys should be private, so you create them on your server.

SSH to your server and generate a private key.

Then create a Certificate signing request file by filling out the form.

Get the content of the csr file with cat and copy it to the StartSSL website.

Next step you can add a subdomain, e.g. www, and click continue.
Then you retrieve your certificate file, save it to, e.g.

Then download the intermediate and the root CA certificate.

Then copy the files:
– ca-sha2.pem
to /etc/ssl/apache2.

Last but not least here is my apache2 vhost configuration file:

Hope you liked my first post ­čÖé

Leave a Reply

Your email address will not be published. Required fields are marked *