First, enable SSL when compiling nginx:
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
make && make install
Then enable HTTPS access, using the default configuration file as a reference:
server {
    listen 443;
    server_name localhost;
    ssl on;
    ssl_certificate cert.pem;
    ssl_certificate_key cert.key;
    ssl_session_timeout 5m;
    ssl_protocols SSLv2 SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers on;
    location / {
        root html;
        index index.html index.htm;
    }
}
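Next, create a self-signed certificate in the conf directory under the nginx installation directory.
Generate the RSA key (the file is named myRSA.key, but as the output below shows, openssl dsaparam generates DSA parameters):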
[root@renzhe conf]# openssl dsaparam -rand -genkey -out myRSA.key 1024
0 semi-random bytes loaded
Generating DSA parameters, 1024 bit long prime
This could take some time
..+...+............+...................+................+...+......+.....+....+.....+.............................
+....+.+++++++++++++++++++++++++++++++++++++++++++++++++++*
.........+...............................+...........+.........+................+............+...+...........+...+
..............+.....+.+.+.....+...+.....+....+...................+............+............+..+.....+.........+...
...+......+......+..+.....................+...............+...............+.+............+...+++++++++++++++++++++
++++++++++++++++++++++++++++++*
Generate the CA key (you will be asked to enter a passphrase; choose one you will remember):
[root@renzhe conf]# openssl gendsa -des3 -out cert.key myRSA.key
Generating DSA key, 1024 bits
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
Use this CA key to create the certificate:
[root@renzhe conf]# openssl req -new -x509 -days 365 -key cert.key -out cert.pem
Enter pass phrase for cert.key: ### enter the passphrase from the previous step here
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CN
State or Province Name (full name) [Berkshire]:GuangDong
Locality Name (eg, city) [Newbury]:GuangZhou
Organization Name (eg, company) [My Company Ltd]:Init5.cn
Organizational Unit Name (eg, section) []:security
Common Name (eg, your name or your server's hostname) []:security.init5.cn ### this should preferably match the HTTPS domain name
Email Address []:wulei5482@163.com
Restrict the certificate files to root only:
[root@renzhe conf]# chmod 700 cert.*
nginx can now be started, and HTTPS access works normally.
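The server block shown earlier, with each weak setting kept as a comment next to a stricter replacement; this is an added example, not part of the original post or the nginx default file. It assumes a current nginx built against OpenSSL 1.1.1 or later, a certificate whose key is RSA or ECDSA (the DSA key generated above cannot be used with these cipher suites or with TLSv1.3), and a hypothetical passphrase file named cert.pass.

```nginx
server {
    # Weak (original): listen 443;  plus  ssl on;
    # "ssl on" is deprecated; enable TLS on the listening socket instead.
    listen 443 ssl;
    server_name localhost;

    ssl_certificate     cert.pem;
    ssl_certificate_key cert.key;

    # cert.key was created with -des3, so nginx asks for the passphrase
    # every time it starts. cert.pass is a hypothetical file holding that
    # passphrase (one per line); keep it readable by root only.
    ssl_password_file   cert.pass;

    ssl_session_timeout 5m;

    # Weak (original): ssl_protocols SSLv2 SSLv3 TLSv1;
    # SSLv2 and SSLv3 are broken protocols and TLSv1 is deprecated.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Weak (original):
    #   ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    # That string still permits RC4, LOW and EXP (export-grade) suites.
    # Replacement: forward-secret AEAD suites only. This list applies to
    # TLSv1.2; TLSv1.3 suites come from the OpenSSL defaults.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    location / {
        root  html;
        index index.html index.htm;
    }
}
```

Running nginx -t after editing checks the configuration syntax before the server is reloaded.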