First of all, it is an openssl self-signed certificate (the issuer and user information are exactly the same), which is only used for nginx testing;
1. Generate the private key:
openssl genrsa -des3 -out merrick.key 2048
2. Generate a self-signed certificate:
openssl req -new -x509 -days 3650 -key merrick.key -out merrick.crt
...
3. View the certificate:
openssl x509 -in merrick.crt -noout -text
4. Enter the private key for the nginx console without a password:
openssl rsa -in merrick.key -out merrick.key.unpass
5. The configuration of the https part of nginx:
ssl_certificate merrick.pem;
ssl_certificate_key merrick.key.unpass;