Sector 7G's Learning Center

TLS Config from Mozilla

Jun 21, 2021 | Greg Butler

Topics: Cybersecurity

Audience & Level: Technical & Basic

Intro
Regardless of who or what generated your TLS certificate and bundle/chain, the configuration that consumes them varies not only from service to service but also in the supported TLS versions and, where applicable, the ciphersuites, DH parameters, file locations, “server” vs. “client” mode, and numerous other factors that, given the context, should be carefully considered and properly configured. Fortunately, Mozilla provides a “configurator” for HTTP servers (except Microsoft’s) and a variety of other services, in the spirit of, we surmise, end-to-end TLS.

Mozilla’s TLS Configurator
The configurator is here. It may be tempting to simply select, e.g., “nginx” and copy/paste, but first take a look around:

  • Server version
  • OpenSSL version
  • The three “levels” under “Mozilla Configuration”, each essentially corresponding to supported TLS version(s) and ciphersuites.
  • conf file details, including server-specific syntax for, e.g., redirection, cert file and key nuances, and other directives.

The configurator and this post are ultimately informational and specifics should be adjusted in accordance with your security policies, end user compatibility/readiness, and the service’s own documentation and recommendations.

(Just don’t store the key in /var/www).
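As an added example (not the post's or Mozilla's own code), here is a small Python audit that checks an nginx TLS stanza for the points listed above: the enabled protocol versions against a chosen level, the presence of a DH parameter file, and a private key stored under /var/www. The level-to-protocol mapping and the sample stanza are assumptions constructed for this example.

```python
"""Audit an nginx TLS stanza against a chosen level. Added example, not the
post's or Mozilla's code; the protocol sets per level are an assumption."""

ALLOWED_PROTOCOLS = {"modern": {"TLSv1.3"}, "intermediate": {"TLSv1.2", "TLSv1.3"}}
FORBIDDEN_KEY_DIRS = ("/var/www",)  # never keep a private key under the web root

def parse_directives(conf: str) -> dict:
    """Return {directive: [args]} for ssl_* directives, ignoring comments."""
    found = {}
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip().rstrip(";")
        if line.startswith("ssl_"):
            parts = line.split()
            found[parts[0]] = parts[1:]
    return found

def audit(conf: str, level: str) -> list:
    """Return a list of findings; an empty list means the stanza passes."""
    d = parse_directives(conf)
    findings = []
    protos = set(d.get("ssl_protocols", []))
    extra = protos - ALLOWED_PROTOCOLS[level]
    if not protos:
        findings.append("ssl_protocols missing; the nginx default decides TLS versions")
    elif extra:
        findings.append(f"ssl_protocols enables {sorted(extra)} beyond the {level} level")
    key = d.get("ssl_certificate_key", [""])[0]
    if any(key.startswith(p) for p in FORBIDDEN_KEY_DIRS):
        findings.append(f"private key stored under the web root: {key}")
    if level == "intermediate" and "ssl_dhparam" not in d:
        findings.append("ssl_dhparam missing; DHE ciphersuites in this level need it")
    return findings

# Constructed sample stanza with three deliberate problems.
SAMPLE = """
server {
    ssl_certificate     /etc/ssl/certs/example.crt;
    ssl_certificate_key /var/www/html/example.key;  # key in web root
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
}
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE, "intermediate"):
        print("finding:", finding)
```

Run it against a stanza copied from the generator and then against your deployed one; the two should produce the same (empty) list of findings.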