When i first started using StartSSL for my SSL certificates i found the process very hard and the instruction were not clear so i have gone through the whole process of creating a SSL certificate with StartSSL. These instructions assume that you know how to create a CSR on your platform. I have not dealt with this heare because is should be a failry simply procedure and unique to your platform

• read http://www.martfox.com/customer/knowledgebase/112/How-to-generate-a-CSR-and-install-a-SSL-certificate-in-cPanel.html
• common name seems to be the same whichever domain you use (ie www, non-www)

Generate your CSR

• generate private key for www.example.com in 2048bits (private key ties into the domain)
• generate CSR using the host www.example.com as this is the domain startSSL using the details below.
• As long as the key does not change, the details below will all be valid for the same private key

I used these for my CSR

country - GB  (http://www.digicert.com/ssl-certificate-country-codes.htm)
state - Yorkshire
City - Manchester
Company - Building Company
Company Division - Online
email - webmaster@example.com
Pass Phrase - Password123   (just incase there are issues with the private key)

• now i go to StartSSL
• validate the domain, example.com
• run the certificates wizard following the instructions below

Certificates Wizard

NB: make sure you select the correct encyrption level ie 2048-bit

Select Certificate Purpose

• select 'Web Server SSL/TLS Certificate
• Click Continue

Generate Private Key

• I click 'skip this step' because i have a CSR

Submit Certificate Request (CSR) - (page name)

• paste the certificate request in
• click continue

Certificate Request Received - (page name)

• The following details appear
  • You submitted your certificate signing request successfully!.
  • All content of the certificate signing request is ignored except its public key.
  • You may proceed to the next step now.
• click continue

Add Domains - (page name)

• The following details appear
  • Select the top target domain name for your certificate.
  • Note: Only domain names which were validated within the last 30 days are eligible for selection.
• select your TLD, there should only be one ie example.com
• click continue

Add Domains - still

• you then get the following where you select a subdomain
  • You must add one sub domain to this certificate.
  • The base domain example.com will be included by default in the Alt Name section.
  • Note: In order to add multiple domains and sub domains, your Identity must be at least Class 2 validated. Check your status at the "Identity Card".
• select your subdomain ie. www - i select www.example.com as this seems the best. you will then get the www and non-www version of ssl
• click continue

Ready Processing Certificate - (Page)

• The following details appear
  • We have gathered enough information in order to sign your certificate now.
  • The common name of this certificate will be set to www.example.com.
  • The certificate will have the following host names supported:
    1. example.com
    2. www.example.com
  • Please click on Continue in order to process the certificate.
• Click continue

Save Certificate - (Page)

• The following details appear
  • In the textbox below is your PEM encoded certificate.
  • Copy and paste the content into a file and save it as ssl.crt.
  • Make sure, that you do not alter the content and you did not add any spaces! Save it in ASCII format (plain text).
• Below the certificate on this page
  • Save also the intermediate and root CA certificates for the installation at your server (Save As...).
  • itermediate url -
  • root rul -

NB: the last page auto refreshed so the page titles here need to be checked

cPanel SSL Installation

• install the certificate in cPanel, it does not create any RSA keys
• when you install the certificate created by the CSR of www.example.com , it autodetects that there is also the example.com domain that is valid in the certificate and adds that as a selectable domain in the activate SSL section.
• The CSR details can probably be ignored by the issuing authority except for the reference to the private key.

Notes

• StartSSL recommend the common name should be the non-www version ie.e quantumwarp.com and if you also want the www.quantumwarp.com you should still use non-www domain name (quantumwarp.com) as the common name
• cPanel now supports SNI which allows multiple SSL Certificates to be used on 1 IP address. It however has limitations. You can install a SSL with as many subdomains as you want and this domains can be used as valid domains under SSL but cPanel will on ever show you content from the primary domain. This is because of how it uses virtual hosts. SNI for email uses the primary domain ie.e quantumwarp.com only, you cannot set mail.quantumwarp.com and use that. There are changes coming that will change this but for now you are basically limited to using primary domain non-www (quantumwarp.com) and the www version (www.quantumwarp.com) for your website and the non-www (quantumwarp.com) for your secure email.
• If you make a mistake you can just create a new SSL, you do not need to revoke the old one. To revoke a certificate will cost money.