The two files you need are a PEM encoded SSL certificate and private key. PEM encoded certs and keys are Base64 encoded text with start/end delimiters that look like -----BEGIN RSA PRIVATE KEY-----or similar.

您需要的两个文件是 PEM 编码的 SSL 证书和私钥。PEM 编码的证书和密钥是 Base64 编码的文本，带有看起来像-----BEGIN RSA PRIVATE KEY-----或相似的开始/结束分隔符。

To create an SSL certificate you first need to generate a private key and a certificate signing request, or CSR (which also contains your public key).You can do this in a variety of ways, but here's how in OpenSSL.

要创建 SSL 证书，您首先需要生成一个私钥和一个证书签名请求，或 CSR（其中也包含您的公钥）。您可以通过多种方式完成此操作，但以下是 OpenSSL 中的方法。

openssl req -newkey rsa:2048 -new -nodes -keyout key.pem -out csr.pem

This will cause you to enter an interactive prompt to generate a 2048-bit RSA private key and a CSR that has all the information you choose to enter at the prompts. (Note: Common Name is where you'll want to put the domain name you'll be using to access your site.) Once you've done this you would normally submit this CSR to a trusted certificate authority and once they've validated your request you would receive a certificate.

这将导致您输入交互式提示以生成 2048 位 RSA 私钥和包含您选择在提示中输入的所有信息的 CSR。（注意：Common Name 是您想要放置用于访问您的站点的域名的地方。）完成此操作后，您通常会将此 CSR 提交给受信任的证书颁发机构，并且一旦他们通过验证您的要求，您将收到证书。

If you don't care about your certificate being trusted (usually the case for development purposes) you can just create a self-signed certificate. To do this, we can use almost the same line, but we'll pass two extra parameters.

如果您不关心您的证书是否可信（通常出于开发目的），您可以创建一个自签名证书。为此，我们可以使用几乎相同的行，但我们将传递两个额外的参数。

openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem

This will give you a cert (valid for 10 years) and key pair that you can use in the code snippet you posted.

这将为您提供一个证书（有效期为 10 年）和密钥对，您可以在您发布的代码片段中使用它们。

Just follow this procedure :

只需按照以下程序：

1. create the folder where you want to store your key & certificate :

   mkdir conf

1. 创建要存储密钥和证书的文件夹：

   mkdir conf

1. go to that directory :

   cd conf

2. 转到该目录：

   cd conf

1. grab this ca.cnffile to use as a configuration shortcut :

   wget https://raw.githubusercontent.com/anders94/https-authorized-clients/master/keys/ca.cnf

3. 获取此ca.cnf文件以用作配置快捷方式：

   wget https://raw.githubusercontent.com/anders94/https-authorized-clients/master/keys/ca.cnf

1. create a new certificate authority using this configuration :

   openssl req -new -x509 -days 9999 -config ca.cnf -keyout ca-key.pem -out ca-cert.pem

4. 使用此配置创建一个新的证书颁发机构：

   openssl req -new -x509 -days 9999 -config ca.cnf -keyout ca-key.pem -out ca-cert.pem

1. now that we have our certificate authority in ca-key.pemand ca-cert.pem, let's generate a private key for the server :

   openssl genrsa -out key.pem 4096

5. 现在我们在ca-key.pemand 中拥有我们的证书颁发机构ca-cert.pem，让我们为服务器生成一个私钥：

   openssl genrsa -out key.pem 4096

1. grab this server.cnffile to use as a configuration shortcut :

   wget https://raw.githubusercontent.com/anders94/https-authorized-clients/master/keys/server.cnf

6. 获取此server.cnf文件以用作配置快捷方式：

   wget https://raw.githubusercontent.com/anders94/https-authorized-clients/master/keys/server.cnf

1. generate the certificate signing request using this configuration :

   openssl req -new -config server.cnf -key key.pem -out csr.pem

7. 使用此配置生成证书签名请求：

   openssl req -new -config server.cnf -key key.pem -out csr.pem

1. sign the request :

   openssl x509 -req -extfile server.cnf -days 999 -passin "pass:password" -in csr.pem -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out cert.pem

8. 签署请求：

   openssl x509 -req -extfile server.cnf -days 999 -passin "pass:password" -in csr.pem -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out cert.pem

I found this procedure here, along with more information on how to use these certificates.

我在这里找到了这个过程，以及关于如何使用这些证书的更多信息。