IT Knowledge Base

User Tools

Site Tools


Contact me at for any feedback or suggestions.

My other sites:

Search all my sites:


Note: I'm starting to use Let's Encrypt - Free, Automated, SSL Certificates now, as Chrome and Firefox will stop trusting StartCom free certificates soon.

Source: Google Online Security Blog: Distrusting WoSign and StartCom Certificates

StartCom SSL Certificates

StartCom SSL Client Certificates and Mac OSX

You need a client certificate to log in to StartCom. This example uses as the email address associated with the certificate.

First, generate the private key and certificate signing request:

openssl req -newkey rsa:2048 -keyout -out

You'll get which is the certificate signing request, and which is the private key. You'll also be asked to choose a password for the private key. Make sure you don't lose the .key and it's password!

Now use the CSR to generate the public key:

  1. In StartCom, go to Certificates Wizard, Client Certificate
  2. Enter your email address. e.g.
  3. Choose “CER Generated by Myself”, paste the contents of the CSR file
  4. Then download the certificate, which will be in a ZIP file. The contents of this zip file will be:
    1. 1_Intermediate.crt
    2. - this is the public key - which I renamed to for standardisation

Next you'll need to import the public key and the private key into Mac OSX's Keychain so that you can use it to log in to StartCom's website. The file that you'll need is a PFX file, which can be generated like so:

openssl pkcs12 -export -out -inkey -in

If you want to back up the public and private keys from Keychain, select both the private and public, and export. You'll need to set a password for this.

startcom.txt · Last modified: 2018/04/09 09:56 (external edit)