Подписываем проги в Linux


aptitude update
wget osslsigncode-1.7.1.tar.gz
apt-get install gcc
aptitude install openssl
aptitude install cmake
aptitude install make
aptitude install libssl-dev
apt-get install libcurl4-gnutls-dev
aptitude install automake
cd osslsigncode
./configure
make
make install

openssl pkcs12 -in /work/newsertSS.pfx -nocerts -nodes -out /work/ExampleCloudkey.pem
penssl pkcs12 -in /work/newsertSS.pfx -nokeys -out /work/ExampleCloudCert.pem

osslsigncode sign -certs /work/ExampleCloudCert.pem -key /work/ExampleCloudkey.pem -n "ExampleCloud" -i http://cloud.example.ru/ -t http://timestamp.verisign.com/scripts/timstamp.dll -in /work/old_ExampleCloudSetup.exe -out /work/new_ExampleCloudSetup.exe

Бесплатный ssl-сертификат на один домен


/etc/init.d/vz stop
/etc/init.d/nginx stop
mkdir /git_cert
cd /git_cert/letsencrypt
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory auth


Далее указываем имя домена с обязательным пробелом после имени
Если все хорошо, на выходе будет сообщение:
IMPORTANT NOTES:
— Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/dobro.in/fullchain.pem. Your cert will
expire on 2016-02-04. To obtain a new version of the certificate in
the future, simply run Let's Encrypt again.

теперь можем записывать в nginx:

server {
    listen 443 ssl;
    server_name dobro.in;
    ssl_certificate /etc/letsencrypt/live/dobro.in/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/dobro.in/privkey.pem;
....
    listen *:80;
    server_name www.koldaev.com koldaev.com blog.koldaev.com;
    return 301 https://$host$request_uri;

и стартовать виртуалки с nginx:
/etc/init.d/vz start
/etc/init.d/nginx start