Create the key and set a passphrase:
openssl genrsa -des3 -out server.key 2048
Create the csr file making sure the CN (common name) matches whatever domain name it represents such as “www.agix.local”. This requires the passphrase from the step above:
openssl req -new -key server.key -out server.csr
Remove the passphrase:
openssl rsa -in server.key -out server.key.nopass
Generate the self-signed certificate:
openssl x509 -req -days 365 -in server.csr -signkey server.key.nopass -out server.crt
Now you can use the new certs and key in your apache config.