Most guides out on the internet about how to generate a self-signed cert and long and complicated, but it can be done in a single command:

openssl req -newkey 2048 -keyout cert.key -nodes -x509 -out cert.pem -batch

The meaning of the options:

• -newkey 2048: generate a new 2048 bit RSA private key instead of using an existing one
• -keyout cert.key: save the rsa key in cert.key
• -nodes: don’t encrypt the private key
• -x509: generate an actual cert (rather than a certificate request)
• -out cert.epm: save the certificate as cert.pem
• -batch: don’t ask for the various SSL cert metadata fields