Note: I'm starting to use Let's Encrypt - Free, Automated, SSL Certificates now, as Chrome and Firefox will stop trusting StartCom free certificates soon.
You need a client certificate to log in to StartCom. This example uses firstname.lastname@example.org as the email address associated with the certificate.
First, generate the private key and certificate signing request:
openssl req -newkey rsa:2048 -keyout email@example.com -out firstname.lastname@example.org
You'll get email@example.com which is the certificate signing request, and firstname.lastname@example.org which is the private key. You'll also be asked to choose a password for the private key. Make sure you don't lose the .key and it's password!
Now use the CSR to generate the public key:
Next you'll need to import the public key and the private key into Mac OSX's Keychain so that you can use it to log in to StartCom's website. The file that you'll need is a PFX file, which can be generated like so:
openssl pkcs12 -export -out email@example.com -inkey firstname.lastname@example.org -in email@example.com
If you want to back up the public and private keys from Keychain, select both the private and public, and export. You'll need to set a password for this.