+# Generate key 2048 bit rsa key with out passphrase:
+
+DOMAIN=mail.stdout.nl.key
+sudo touch $DOMAIN.key
+sudo chmod 400 $DOMAIN.key
+sudo openssl genrsa -out $DOMAIN.key 2048
+
+# Generate CSR with:
+sudo openssl req -new -key $DOMAIN.key -out $DOMAIN.csr
+
+# After receiving the .crt file from the issuer, make sure you cat the .key
+# and .crt file together into a .pem file, which lighttpd's ssl.pemfile points
+# to.
+
+# Optionally, you can use a config file to set attributes of the CSR (so you
+# can leave out stuff like "Location" and "State"). However, when using
+# StartSSL, al the details from the CSR will be ignored anyway, so don't
+# bother. Anyway, the file to pass to -config should like this:
+
+[ req ]
+distinguished_name = req_distinguished_name
+prompt=no
+
+[ req_distinguished_name ]
+C = NL
+CN = mail.stdout.nl
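Review bot: `DOMAIN=mail.stdout.nl.key` in the key-generation block already ends in `.key`, so `$DOMAIN.key` and `$DOMAIN.csr` expand to `mail.stdout.nl.key.key` and `mail.stdout.nl.key.csr`; set `DOMAIN=mail.stdout.nl` so the file names match the `CN` in the config fragment. The touch/chmod 400 step protects the key before it is written, but the note about concatenating the .key and .crt into a .pem says nothing about permissions: that .pem contains the private key too, so it should be created with the same restrictive mode and not left at the default umask. The `[ req ]` section is pasted uncommented below shell commands, so this file is neither a runnable script nor a valid openssl config; either keep the fragment in its own file and show `-config <file>` on the `openssl req` line, or comment it out like the surrounding notes. Minor wording in the comments: "with out" should be "without", "al the details" should be "all the details", and "should like this" should be "should look like this".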