Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:Bavaria
Locality Name (eg, city) :Munich
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) :
Common Name (eg, YOUR name) :example.com
Email Address :email@example.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password :
An optional company name :
Now copy the content of the CSR into your clipboard
Let StartSSL sign your CSR
Visit the "Certificates Wizard" tab and choose Webserver SSL/TLS Certificate and click on continue.
Click on skip and paste the contents of the csr file you just created into the text field.
On the next step add www. as the subdomain (or another subdomain if you do not have www).
Now save your certificate. If your domain is example.com I would save it as example.com.crt
Configure Apache2 to use the certificate
Become root or execute the following stuff with sudo
First we have to activate ModSSL
Create a directory for your certificates
Move the .crt and the .key into the new folder
mv example.com.* /etc/apache2/ssl
We also need a ca.pem file. This file contains both the intermediate and the root certificate. You can download a finished one.
curl -L http://www.rocu.de/x/5s > ca.pem
Now configure the Virtual Host for SSL
<VirtualHost *:443> DocumentRoot /var/www/vhosts/example.com/ ServerName example.com ServerAlias www.example.com
Test your Apache config before restarting
Now restart your webserver
sudo /etc/init.d/apache2 restart
You're website can be viewed with SSL now.
The process at StartSSL is anti-intuitive. I hope you were able to follow this tutorial and that your website is SSL secured now.
Depending on your use case, there are more steps that you have to take. For example you should load all assets from HTTPS or your users will get mixed content warnings.
Another good idea is to redirect your visitors to HTTPS and to activate Strict Transport Security.
If you have user other then yourself at the website, you should also follow SSL best pratices. Here is a tool that you can use to find out, what you can improve.
I leave all this as an excercise for the reader. Please leave me a comment if you have any questions or corrections.