There are reasons why you might want a self-signed certificate. There are reasons why you don't. Figuring out these reasons are left as an exercise for the reader.
(also note, a lot of examples on the Intertubes somehow do this all in one command. I could never get them to work)
Copy the openssl.cnf somewhere and edit it.
Add or uncomment:
(in my case most of the v3_req section already existed)
Make the key:
Make the CSR:
when prompted use mytorturedmind.com as the site name.
Make the cert:
Now you just have to make Apache use it (also outside the scope of this document)