To install a Class 1 StartSSL Certificate on Debian first you will need to obtain both your private key and certificate from StartSSL’s website and upload them to your server. I’d recommend that you keep both the Webserver SSL/TLS Certificate and StartSSL’s CA Certificates in a secure directory for the website it is to be used by (i.e. a directory not accessible by HTTP).
Step 1: Assuming you have encrypted your private key when generating it on StartSSL’s website you will need to decrypt the key on your server or a password will be required whenever the HTTP server restarts.
Doing this is simple, login via SSH to your server and go to the directory containing your certificate and (assuming the file is named ssl.key) type the following:
openssl rsa -in ssl.key -out ssl.key
openssl should then request the password for the private key and decrypt it.
Step 2: Once the key is decrypted we need to download StartSSL’s Certificate Authority Certificates. For the Class 1 certificate we only need ca.pem and sub.class1.server.ca.pem
So again in your SSH console type the following 2 commands:
Once you have downloaded these files you should set the permissions to read only by the file owner (chmod 400 *)
Step 3: Assuming you have already enabled SSL for your HTTP server you only need add the SSL certificate and CA Certificates to your virtual host, in apache we do this by creating something like the following:
SSLProtocol all -SSLv2
SetEnvIf User-Agent “.*MSIE.*” nokeepalive ssl-unclean-shutdown
If you have not already enabled SSL in apache you can do so by moving the file mods-available/ssl.load to the mods-enabled directory (typically these can be found in /etc/apache2/)
All that is left is to restart the HTTP server (for apache this would be /etc/init.d/apache2 restart) and as long as there are no errors your certificate is ready for use!