Note that the common name of the server certificate has to match your hostname!
magic oneliner:
openssl req -new -x509 -keyout privkey.pem -out cacert.pem -days 1095 -nodes -newkey rsa:<keysize> -sha256
old:
openssl genrsa -out ca.key 2048
openssl req -x509 -new -nodes -key ca.key -days 666 -out ca.pem
openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr
openssl x509 -req -in server.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out server.crt -days 666