Note: I'm starting to use Let's Encrypt - Free, Automated, SSL Certificates now, as Chrome and Firefox will stop trusting StartCom free certificates soon.
You need a client certificate to log in to StartCom. This example uses email@example.com as the email address associated with the certificate.
First, generate the private key and certificate signing request:
openssl req -newkey rsa:2048 -keyout firstname.lastname@example.org -out email@example.com
You'll get firstname.lastname@example.org which is the certificate signing request, and email@example.com which is the private key. You'll also be asked to choose a password for the private key. Make sure you don't lose the .key and it's password!
Now use the CSR to generate the public key:
Next you'll need to import the public key and the private key into Mac OSX's Keychain so that you can use it to log in to StartCom's website. The file that you'll need is a PFX file, which can be generated like so:
openssl pkcs12 -export -out firstname.lastname@example.org -inkey email@example.com -in firstname.lastname@example.org
If you want to back up the public and private keys from Keychain, select both the private and public, and export. You'll need to set a password for this.