We get our SSL certs from StartCom via a level2 personal validation.
Certs cover:
servername.country.afternet.org *.afternet.org afternet.org (built in by StartCom)
Then you decrypt the key:
openssl rsa -in ssl.key -out ssl.key
StartCom sends you a zip with other zips in it. We want ApacheServer.zip; extract the 2 files from it, then do this:
cat server.key 2_server.crt 1_root_bundle.crt > ircd.pem
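
Before pointing the ircd at ircd.pem, check that the key really was decrypted, that it matches the server certificate, and that the file is not readable by other users, since it now holds an unencrypted private key. The script below is an added example, not part of the original notes; check_bundle, make_demo_files, the irc.example.test subject and the self-signed demo certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): sanity checks for a
# key+certificate bundle such as ircd.pem before the ircd is pointed at it.

# check_bundle FILE: succeeds only if the key in FILE is unencrypted, matches
# the first certificate in FILE, and FILE is unreadable by group and other.
check_bundle() {
    pem=$1
    # A passphrase-protected key means the decrypt step was skipped.
    if grep -Eq '^(Proc-Type:.*ENCRYPTED|-----BEGIN ENCRYPTED)' "$pem"; then
        echo "$pem: private key is still encrypted" >&2; return 1
    fi
    # Derive the public key from both the private key and the certificate.
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || return 1
    if [ "$key_pub" != "$crt_pub" ]; then
        echo "$pem: key does not match the server certificate" >&2; return 1
    fi
    # The bundle holds an unencrypted key: columns 5-10 of the ls mode string
    # are the group/other bits and must all be '-'.
    if [ "$(ls -ld "$pem" | cut -c5-10)" != "------" ]; then
        echo "$pem: readable by group or other, run chmod 600" >&2; return 1
    fi
}

# make_demo_files DIR: constructed test material only (self-signed, 1 day),
# standing in for server.key and 2_server.crt from the notes.
make_demo_files() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=irc.example.test" \
        -keyout "$1/server.key" -out "$1/2_server.crt" 2>/dev/null
}

# Demo run: build the bundle with a restrictive umask, then check it.
demo_dir=$(mktemp -d)
make_demo_files "$demo_dir"
( umask 077
  cat "$demo_dir/server.key" "$demo_dir/2_server.crt" > "$demo_dir/ircd.pem" )
check_bundle "$demo_dir/ircd.pem" && echo "ircd.pem OK"
```

For the real bundle, run check_bundle ircd.pem after the cat step above.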