$ openssl req -x509 -newkey rsa:2048 -keyout key.pem \
-out cert.pem -days 360 -nodes
vm$ aptitude install nginx-full vim
vm$ rm -i /etc/nginx/sites-enabled/default
vm$ ln -s ../sites-available/ssl-test /etc/nginx/sites-enabled/
vm$ vim /etc/nginx/sites-available/ssl-test
vm$ mkdir -p /__foo/{bar,baz}
vm$ vim /__foo/{bar,baz}/index.html
vm$ cp -i /vagrant/*.pem /__foo/
vm$ chmod 600 /__foo/*.pem
vm$ service nginx restart
$ curl --cacert .../cert.pem https://baz.lvh.me:4443
$ pry
> require 'faraday'
> c = Faraday.new 'https://qux.lvh.me:4443', \
ssl: { ca_file: '.../cert.pem' }
> c.get('/').body
...