Clarification regarding SSL certificate installation

I have nginx as server. I want to use https and I am looking to understand how to do it.

I am looking to buy the certificate from DigiCert or comodo certificate through combell.

DigiCert has nice pages and even they have installation steps for nginx

http://www.digicert.com/ssl-certificate … -nginx.htm">http://www.digicert.com/ssl-certificate-installation-nginx.htm

I understand I have to generate CSR file when asking the authority to issue me the certificate.

If I understand well I get unencrypted key and the csr file; the later is to be sent when requesting the certificate.

What I do not understand is why the key is unencrypted. Should I encrpyt somehow the private key?

Should I put the unencrypted key in nginx conf or encrypted key with the password?

In a different scenario I have encountered several months ago, I have been given from the authority the pfx file protected with a pass choosen by me,

and when extracting the private key I have protected the private key again with a pass (if I remeber well).

I am studying the ssl certificate/installation the whole day and I think I got it for the most part. Just need this clarification I think.

Thanks

Nenad