Mundy

IT Knowledge Base


Contact me at dan@mundy.co for any feedback or suggestions.



Note: I'm starting to use Let's Encrypt - Free, Automated, SSL Certificates now, as Chrome and Firefox will stop trusting StartCom free certificates soon.

Source: Google Online Security Blog: Distrusting WoSign and StartCom Certificates

StartCom SSL Certificates

StartCom SSL Client Certificates and Mac OSX

You need a client certificate to log in to StartCom. This example uses dan@mundy.co as the email address associated with the certificate.

First, generate the private key and certificate signing request:

openssl req -newkey rsa:2048 -keyout dan@mundy.co.key -out dan@mundy.co.csr

You'll get dan@mundy.co.csr, which is the certificate signing request, and dan@mundy.co.key, which is the private key. You'll also be asked to choose a password for the private key. Make sure you don't lose the .key file and its password!

Now use the CSR to obtain the signed certificate, which carries your public key:

  1. In StartCom, go to Certificates Wizard, Client Certificate
  2. Enter your email address, e.g. dan@mundy.co
  3. Choose “CER Generated by Myself”, paste the contents of the CSR file
  4. Then download the certificate, which will be in a ZIP file. The contents of this zip file will be:
    1. 1_Intermediate.crt
    2. 2_dan@mundy.co.crt - this is the public key - which I renamed to dan@mundy.co for standardisation

Next you'll need to import the certificate and the private key into Mac OSX's Keychain so that you can use them to log in to StartCom's website. The file that you'll need is a PFX file, which can be generated like so:

openssl pkcs12 -export -out dan@mundy.co.pfx -inkey dan@mundy.co.key -in dan@mundy.co.crt
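A check worth running before the export above, as an added example that is not part of the original page: it confirms that the key, CSR and certificate all carry the same public key, and refuses to build the PFX when they do not. The function names, the KEY_PASS and PFX_PASS environment variables, user@example.test and the self-signed stand-in certificates are assumptions made for the demo.

```bash
#!/usr/bin/env bash
# Added example (not from the original page). Passphrases are read from the
# environment variables KEY_PASS and PFX_PASS so they stay off the command line.

# Print a SHA-256 digest of the public key inside a private key, CSR or certificate.
pubkey_hash() {  # usage: pubkey_hash key|csr|crt FILE
  local pub
  case "$1" in
    key) pub=$(openssl pkey -in "$2" -passin env:KEY_PASS -pubout) ;;
    csr) pub=$(openssl req -in "$2" -noout -pubkey) ;;
    crt) pub=$(openssl x509 -in "$2" -noout -pubkey) ;;
    *)   return 2 ;;
  esac || return 1
  printf '%s\n' "$pub" | openssl sha256
}

# Build the PFX only if the certificate carries the same public key as the private key.
make_pfx() {  # usage: make_pfx KEY CRT OUT.pfx
  local k c
  k=$(pubkey_hash key "$1") && c=$(pubkey_hash crt "$2") || return 1
  if [ "$k" != "$c" ]; then
    echo "refusing: $2 was not issued for $1" >&2
    return 1
  fi
  ( umask 077   # the PFX contains the private key: owner-only permissions
    openssl pkcs12 -export -out "$3" -inkey "$1" -in "$2" \
      -passin env:KEY_PASS -passout env:PFX_PASS )
}

# Constructed demo data: throwaway keys, with self-signed certificates standing in
# for the CA-issued one. user@example.test and both passphrases are placeholders.
demo_setup() {  # usage: demo_setup DIR
  export KEY_PASS='constructed-key-pass' PFX_PASS='constructed-pfx-pass'
  openssl req -newkey rsa:2048 -keyout "$1/user.key" -out "$1/user.csr" \
    -passout env:KEY_PASS -subj '/CN=user@example.test' 2>/dev/null &&
  openssl x509 -req -in "$1/user.csr" -signkey "$1/user.key" -passin env:KEY_PASS \
    -days 1 -out "$1/user.crt" 2>/dev/null &&
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/other.key" \
    -out "$1/other.crt" -days 1 -subj '/CN=other@example.test' 2>/dev/null
}

work=$(mktemp -d) && demo_setup "$work"
make_pfx "$work/user.key" "$work/user.crt" "$work/user.pfx" && echo "matching pair: PFX written"
make_pfx "$work/user.key" "$work/other.crt" "$work/bad.pfx" || echo "mismatched pair: rejected"
```

With real files, set KEY_PASS and PFX_PASS in the shell first and call make_pfx with the key and the downloaded certificate.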

If you want to back up the public and private keys from Keychain, select both the private and public keys, and export them. You'll need to set a password for this.

startcom.txt · Last modified: 2018/04/09 09:56 (external edit)