I have used a lot of time on how to make self-signed certificate with your own certificate, and a lot of the tutorials on the web will tell you how to create a certificate that is insecure and where the browser will tell you that.
First start by creating your CA key:
openssl genrsa -out ca.key 4096
Next we need to create our CA certificate
Here you have to fill in information about your company, it does not really matter as you have to trust it yourself.
openssl req -new -x509 -days 1826 -key ca.key -out ca.crt
Next we have to create a certificate for that server we want to use SSL on
openssl genrsa -out server.key 4096
After that we need certificate request, it is here you have to fill in the domain name that you are going to use the certificate with:
openssl req -new -key server.key -out server.csr
Then lastly we can create our server certificate
openssl x509 -req -days 730 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
Now you can use server.crt and server.key on your https server