*   Generate a [better (2048-bit) Diffie-Hellman
    parameter](https://weakdh.org/sysadmin.html).
*   ["Best" Nginx config for
    SSL](https://gist.github.com/plentz/6737338).
*   How to configure [certificate chains for
    Nginx](http://nginx.org/en/docs/http/configuring_https_servers.html#chains).

        Your Certificate
        Root CA
        Intermediate 1
        Intermediate 2
        .
        .

*   Test the [SSL config on your
    server](https://www.ssllabs.com/ssltest/).