First of all create the server key:
openssl genrsa -des3 -out self-signed.key 2048
Enter a password twice and note it!
Create the CSR (when requested, enter the password that you used above):
openssl req -new -key self-signed.key -out self-signed.csr
Answer the questions and put your domain name that you want to use the certificate for as "Common Name".
Remove the passphrase (you'll need the password that you noted above):
openssl rsa -in self-signed.orig -out self-signed.key
rm -f self-signed.orig
Create the certificate:
openssl x509 -req -days 365 -in self-signed.csr -signkey self-signed.key -out self-signed.crt
You can then use your new certificate in your nginx vhost like this: