Creating a Snakeoil Certificate

There are reasons why you might want a self-signed certificate. There are reasons why you don't. Figuring out these reasons are left as an exercise for the reader.

(also note, a lot of examples on the Intertubes somehow do this all in one command. I could never get them to work)

Copy the openssl.cnf somewhere and edit it.
Add or uncomment:
(in my case most of the v3_req section already existed)

Make the key:

Make the CSR:
when prompted use as the site name.

Make the cert:

verify it:

Now you just have to make Apache use it (also outside the scope of this document)