These are the steps to create a self signed SSL Certificate.

Generate the Key.

sudo openssl genrsa -des3 -out tls.key 2048

Next generate the Certificate Signing Request.

sudo openssl req -new -key tls.key -out tls.csr

You might want to remove the passphrase to prevent being prompted to enter it when you server restarts.

To do that first make a copy of the Key.

sudo cp tls.key tls.key.orig

Run this to get the new Key.

sudo openssl rsa -in tls.key.orig -out tls.key

Now sign the Key. Remember you need to change the expiration.

sudo openssl x509 -req -days 365 -in tls.csr -signkey tls.key -out tls.crt

Now you have the .crt and the .key files.