First let generate an RSA key for the server:
openssl genrsa -out server.key 2048Next, for a “true” certificate, we must generate a certificate request (CSR).
But for a self-signed certificate, we can generate it directly like this:
openssl req -new -days 3650 -key server.key -out server.csrHere we will generate a x509 certificate valid for ten year. You don’t have to respond to any question beside the “Common Name ( eg, YOUR name )“. Correct value is the domain name you are going to use the certificate for.