Go to the site http://www.startssl.com and verify the domain (use the Control Panel button).
First, set the default key size to 2048 by editing the file /etc/ssl/openssl.cnf: in the req section, change default_bits to 2048.
On the host, create a new key and CSR:
openssl req -new -nodes -keyout ssl.key -out ssl.csr
Enter the domain as the common name and leave the challenge password empty.
Go to startssl.com, select new certificate and select WEB. For the private key, select Skip.
Now copy the content of ssl.csr to the website. Select the domain and enter the common name you used above when creating the private key.
Copy the certificate shown on the website into the file ssl.crt. Download the two files:
wget https://www.startssl.com/certs/sub.class1.server.ca.pem
wget https://www.startssl.com/certs/ca.pem
Configure Apache with the following lines:
ServerSignature On
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
SSLCertificateFile /usr/local/etc/apache22/ssl/ssl.crt
SSLCertificateKeyFile /usr/local/etc/apache22/ssl/ssl.key
SSLCertificateChainFile /usr/local/etc/apache22/ssl/sub.class1.server.ca.pem
SSLCACertificateFile /usr/local/etc/apache22/ssl/ca.pem
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
Restart Apache.
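The files produced by the steps above can be checked before the restart: that the CSR really carries a 2048-bit key, that ssl.crt belongs to ssl.key, and that the certificate verifies against the downloaded CA files. The script below is an added example, not part of the original page; it passes -newkey rsa:2048 and -subj on the command line instead of editing openssl.cnf, and example.org and the throw-away "Demo Root" CA are constructed stand-ins for the real domain and CA.

```shell
#!/bin/sh
# Added example: checks to run before restarting Apache. File names follow the page;
# example.org and the throw-away "Demo Root" CA are constructed stand-ins.

# Create a 2048-bit RSA key and CSR without prompts and without a challenge password.
make_csr() {  # $1 = common name, $2 = directory
    openssl req -new -nodes -newkey rsa:2048 -subj "/CN=$1" \
        -keyout "$2/ssl.key" -out "$2/ssl.csr" 2>/dev/null && chmod 600 "$2/ssl.key"
}

# Print the key size in bits recorded in a CSR.
csr_bits() {  # $1 = CSR file
    openssl req -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Succeed only if the certificate carries the public key of this private key.
key_matches_cert() {  # $1 = key, $2 = certificate
    k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null)
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeed only if the certificate chains to the root, optionally via an intermediate.
chain_ok() {  # $1 = root CA file, $2 = certificate, $3 = intermediate file (optional)
    if [ -n "${3:-}" ]; then
        openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
    else
        openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
    fi
}

# Stand-in for the CA step: sign the CSR with a throw-away root (constructed, 1 day).
demo_issue() {  # $1 = directory holding ssl.csr
    openssl req -x509 -nodes -newkey rsa:2048 -subj "/CN=Demo Root" -days 1 \
        -keyout "$1/root.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl x509 -req -in "$1/ssl.csr" -CA "$1/ca.pem" -CAkey "$1/root.key" \
        -set_serial 1 -days 1 -out "$1/ssl.crt" 2>/dev/null
}

if [ "${1:-}" = demo ]; then
    d=$(mktemp -d) && make_csr example.org "$d" && demo_issue "$d" &&
    echo "bits=$(csr_bits "$d/ssl.csr")" &&
    key_matches_cert "$d/ssl.key" "$d/ssl.crt" && chain_ok "$d/ca.pem" "$d/ssl.crt" &&
    echo "key matches certificate, chain verifies"
    rm -rf "$d"
fi
```

Run with the argument demo for a self-contained pass; against the real files the chain check is chain_ok ca.pem ssl.crt sub.class1.server.ca.pem.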