The exact commands for generating a self-signed SSL certificate on Linux is something I always forget, so here they are:
Generating a private key
First you need to generate a private key. This private key will be the only key that can decrypt your SSL traffic.
$ openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 $ openssl rsa -passin pass:x -in server.pass.key -out server.key $ rm server.pass.key
Generating a CSR (Certificate Signing Request)
Using the private key you’ve generated seconds ago, you must now create a CSR (Certificate Signing Request). In most cases you can just use the default values for everything except the common name. The common name is usually the domain of your website.
$ openssl req -new -key server.key -out server.csr
Signing the certificate
Normally you would pass the CSR to a CA (Certificate Authority) who would sign it for you. But using the following command you sign the certificate yourself.
$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt