With StartSSL the actual cert generation is easier than that as they create the key on their server first and they ask for the forms on the site. No CSR is needed, though you can do it that way if you wish.
What is a tiny bit annoying is their authentication - you need a client authentication cert installed on your browser. Not hard in itself, but annoying if you have let the old one expire as they then need to review your request for a new one.
One other thing is verification that you own the domain, through various methods. Not hard to do, but automated and very necessary.