This is a simple log in case I forget the steps; it may or may not help you. A nice thing about StartSSL is that it now supports up to 5 subdomains under the same root domain for free.
- Go to https://startssl.com and "Authenticate" using a stored certificate. If you don't have one, you need to "Sign-Up".
- After logging in, first validate the domain. Go to "Validations Wizard" and select "Domain Validation (for SSL certificate)." Next, enter your root domain, for example, happyz.me. Before going to the next step, if you have enabled domain privacy, temporarily disable it so that the validation code quickly reaches your real email address. The rest of the procedure is trivial: enter the code for validation, then re-enable domain privacy when validation completes.
- Download the zip, in my case happyz.me.zip. If it does not download automatically, go to "Toolbox" and then "Certificate list" to retrieve the zip.
- Since my server is using Apache, unzip the "ApacheServer.zip" in the downloaded zip and you will get two files:
- Enable SSL for the website by modifying the config file in the Apache folder. For example:
```apache
<IfModule mod_ssl.c>
<VirtualHost *:443>
    SSLEngine On
    SSLProtocol all -SSLv2 -SSLv3
    Header add Strict-Transport-Security "max-age=31536000"
    SSLHonorCipherOrder On
    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA

    SSLCertificateFile path to 2_happyz.me.crt
    SSLCertificateKeyFile path to your key
    SSLCertificateChainFile path to 1_root_bundle.crt

    ServerAdmin admin
    ServerName blog.happyz.me
    DocumentRoot path to directory of website
    <Directory "path to directory of website">
        Options FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    ErrorLog path to error log
    CustomLog path to access log combined
</VirtualHost>
</IfModule>
```
You'll need to replace the placeholder values (the "path to ..." entries and similar) with your own.
The SSLCipherSuite value is taken from https://wiki.mozilla.org/Security/Server_Side_TLS.
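A pre-reload check for the virtual host above, added here as an example and not part of the original post: it parses the directives and reports SSLv2/SSLv3 left enabled, weak cipher tokens, unreplaced "path to" placeholders and a missing HSTS header. The function names, the weak-cipher pattern, the treatment of an unset SSLProtocol as "all" and the sample config are assumptions made for illustration.

```python
import re

# Constructed sample (not from the page): SSLv3 on, weak cipher, placeholder path, no HSTS.
SAMPLE = """\
<VirtualHost *:443>
    SSLEngine On
    SSLProtocol all -SSLv2
    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:RC4-SHA:!aNULL
    SSLCertificateFile path to 2_happyz.me.crt
    SSLCertificateKeyFile /etc/ssl/private/example.key
</VirtualHost>
"""

WEAK = re.compile(r"RC4|MD5|DES|NULL|EXP", re.I)   # assumed deny-list, not exhaustive
HSTS = re.compile(r'strict-transport-security\s+"?max-age=\d+', re.I)
CERT_KEYS = ("sslcertificatefile", "sslcertificatekeyfile", "sslcertificatechainfile")

def parse_directives(text):
    """Map lower-cased directive name -> list of argument strings."""
    found = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith(("#", "<")):   # skip comments and section tags
            parts = line.split(None, 1) + [""]
            found.setdefault(parts[0].lower(), []).append(parts[1])
    return found

def audit_vhost(text):
    """Return a list of findings; an empty list means every check passed."""
    d = parse_directives(text)
    first = lambda key: d.get(key, [""])[0]
    findings = []
    for name in ("sslengine", "sslhonorcipherorder"):
        if first(name).lower() != "on":
            findings.append(f"{name} is not On")
    # Assumption: an unset SSLProtocol is treated as "all" (the conservative reading).
    proto = set(first("sslprotocol").lower().split()) or {"all"}
    for old in ("sslv2", "sslv3"):
        if "-" + old not in proto and proto & {"all", old, "+" + old}:
            findings.append(f"{old} is not disabled")
    findings += [f"weak cipher enabled: {s}" for s in first("sslciphersuite").split(":")
                 if s and s[0] not in "!-" and WEAK.search(s)]
    for key in CERT_KEYS:   # mirrors the page's layout, which uses a separate chain file
        if not first(key) or first(key).lower().startswith("path to"):
            findings.append(f"{key} is missing or still a placeholder")
    if not any(HSTS.search(a) for a in d.get("header", [])):
        findings.append("no Strict-Transport-Security header")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_vhost(SAMPLE)) or "all checks passed")
```

Run it against the edited config before reloading Apache; it only reads the text and does not check that the certificate and key files themselves match.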