TLS nginx
Remove password from key
openssl rsa -in server.key.orig -out server.key
Merge all chain in one file
After this you can use this no only with Nginx, with full-chain work fine dovecot and postfix.
cat server.crt.orig intermediate1.crt intermediate2.crt > server.ru.pem
Make Pins for HPKP Header
Leaked from RFC7469:
openssl x509 -noout -in certificate.pem -pubkey | \
openssl asn1parse -noout -inform pem -out public.key
openssl dgst -sha256 -binary public.key | openssl enc -base64
Generate Diffie–Hellman key
openssl dhparam -out dhparam.pem 4096