If you are running your own Friendica site, you may want to use SSL (https) to encrypt communication between yourself and your server (communication between servers is encrypted anyway).
To do that on a domain of your own, you have to obtain a certificate from a trusted organization (so-called self-signed certificates that are popular among geeks don’t work very well with Friendica, because they can cause disturbances in other people's browsers).
If you are reading this document before actually installing Friendica, you might want to consider a very simple option: Go for a shared hosting account without your own domain name.
That way, your address will be something like yourname.yourprovidersname.com, which isn't very fancy compared to yourname.com.
But it will still be your very own site, and you will usually be able to hitch a lift on your provider's SSL certificate.
That means that you won't need to configure SSL at all - it will simply work out of the box when people type https instead of http.
When you initially sign up with StartSSL, the first certificate you receive is simply installed in your browser (though you should also store it somewhere safe, so that you can reinstall it in any other browser at a later date, for instance when you need to renew something).
This authentication certificate is only used for logging on to the StartSSL website – it has nothing to do with the certificate you will need for your server.
As a first-timer with StartSSL, start here: https://www.startssl.com/?app=12 and choose the Express Lane option to get that browser authentication certificate.
Then seamlessly continue to the process of acquiring the desired certificate for your server (the one you actually came for).
You can change the website’s language if that makes things easier for you.
Don’t quit too fast when you have received your personal web server certificate at the end of the procedure.
Depending on your server software, you will also require one or two generic files for use with this free StartSSL certificate.
These are sub.class1.server.ca.pem and ca.pem.
If you have already overlooked this step, you can download those files here: http://www.startssl.com/?app=21
But once again, the very best way of doing things is not to quit the StartSSL site until you are completely done and your https certificate is up and working.
To do this, you copy the existing one and change the end of the first line to read :443> instead of :80>, then add the following lines to that entry, as also shown in StartSSL’s instructions:
Many people using a virtual private or dedicated server will be running more than Friendica on it.
They will probably want to use SSL for other sites they run on the server, too.
To achieve this, they may wish to employ more than one certificate with a single IP – for instance, a trusted one for Friendica and a self-signed certificate for personal stuff (possibly a wildcard certificate covering arbitrary subdomains).
Of course, you may optionally be using other places like the sites-available directory to configure Apache, in which case only some of this information need be in httpd.conf or ports.conf - specifically, the NameVirtualHost lines must be there.
But if you're savvy about alternatives like that, you will probably be able to figure out the details yourself.
You can remove the password if you like. This is probably bad practice, but if you don't, you'll have to enter the password every time you restart nginx. To remove it:
