First of all, the issuer and user information are different, but they are only operated by themselves.
On Windows, you need to download Win32OpenSSL-1_1_0g.exe (or 64-bit program).
1. [issuer] (ca) needs a private key and certificate, which is generated as follows:
[private key]
openssl genrsa -des3 -out ca.key 2048
[certificate]
openssl req -new -x509 -days 7305 -key ca. key -out ca.crt -config openssl.cnf
.....
2. [Applicant] (user of self-signed certificate/private key), of course, also needs private key and certificate, which are generated as follows:
[private key]
openssl genrsa -des3 -out merrick.key 2048
[CA request]
openssl req -new -key merrick.key -out merrick.csr -config openssl.cnf
[certificate self-signing process]
openssl x509 -req -in merrick.csr -out merrick.pem -signkey merrick.key -CA ca.crt -CAkey ca.key -CAcreateserial -days 3650
[password-free private key for nginx]
openssl rsa -in merrick.key -out merrick.key.unpass
3. The configuration of the https part of nginx:
ssl_certificate merrick.pem;
ssl_certificate_key merrick.key.unpass;