Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:Bavaria
Locality Name (eg, city) []:Munich
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []
Email Address []

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Now copy the content of the CSR into your clipboard


Let StartSSL sign your CSR

Visit the "Certificates Wizard" tab and choose Webserver SSL/TLS Certificate and click on continue.

Click on skip and paste the contents of the csr file you just created into the text field.

On the next step add www. as the subdomain (or another subdomain if you do not have www).

Now save your certificate. If your domain is I would save it as

Configure Apache2 to use the certificate

Become root or execute the following stuff with sudo

First we have to activate ModSSL

a2enmod ssl

Create a directory for your certificates

mkdir /etc/apache2/ssl

Move the .crt and the .key into the new folder

mv* /etc/apache2/ssl

We also need a ca.pem file. This file contains both the intermediate and the root certificate. You can download a finished one.

curl -L > ca.pem

Now configure the Virtual Host for SSL

vim /etc/apache2/sites-enabled/
<VirtualHost *:443>  
DocumentRoot /var/www/vhosts/  

SSLEngine on
SSLCertificateFile /etc/apache2/ssl/
SSLCertificateKeyFile /etc/apache2/ssl/
SSLCertificateChainFile /etc/apache2/ssl/ca.pem

Test your Apache config before restarting

apachectl configtest

Now restart your webserver

sudo /etc/init.d/apache2 restart

You're website can be viewed with SSL now.

Final words

The process at StartSSL is anti-intuitive. I hope you were able to follow this tutorial and that your website is SSL secured now.

Depending on your use case, there are more steps that you have to take. For example you should load all assets from HTTPS or your users will get mixed content warnings.

Another good idea is to redirect your visitors to HTTPS and to activate Strict Transport Security.

If you have user other then yourself at the website, you should also follow SSL best pratices. Here is a tool that you can use to find out, what you can improve.

I leave all this as an excercise for the reader. Please leave me a comment if you have any questions or corrections.