StartSSL certificates

Posted on
  • Must use IE.
  • Log in to control panel and validate domain name via validations wizard.
  • Certificates wizard: Web Server SSL/TLS certificate
  • Copy encrypted private key –> ssl.key
  • Add one subdomain (www.)

Copy certificate –> ssl.crt

Download root and server CA’s from this page

Go to Toolbox, and decrypt the private key –> myserver.key

Using with nginx

Create myserver.crt by appending the following files; ssl.crt, sub.whatever.cer, root.cer

listen 443 ssl;
ssl on;
ssl_certificate /path/to/myserver.crt;
ssl_certificate /path/to/myserver.key;


Name-based vhosts work by specifying the Host: parameter in the HTTP request. However, this takes place after the SSL/TLS connection has been negotiated, so the web server has no idea what ssl certificate to use. Hence you can only use one ssl keypair per ip/port. Can get around this by using multiple IP addresses pointing to the same server, or running all SSL sites on different ports.

Check chain order, etc. with ssllabs