I forgot to mention using a smaller RSA key size. Use at most 2048 bits; however 1024 bit RSA keys are no longer considered to have enough of a "security margin". 4096 bits are super-overkill, but a lot of people choose that thinking "more bits is better" when generating a key. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,226136,226153#msg-226153