First, enable SSL support when compiling nginx:
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
make && make install
Then enable HTTPS access, using the default configuration file as a reference:
server {
    listen 443;
    server_name localhost;
    ssl on;
    ssl_certificate cert.pem;
    ssl_certificate_key cert.key;
    ssl_session_timeout 5m;
    ssl_protocols SSLv2 SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers on;
    location / {
        root html;
        index index.html index.htm;
    }
}
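Next, create a self-signed certificate in the conf directory under the nginx installation directory.
Generate the RSA key (despite the file name, the output of this command shows that it produces DSA parameters):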
[root@renzhe conf]# openssl dsaparam -rand -genkey -out myRSA.key 1024
0 semi-random bytes loaded
Generating DSA parameters, 1024 bit long prime
This could take some time
Generate the CA key (you will be asked for a pass phrase; choose one you can remember):
[root@renzhe conf]# openssl gendsa -des3 -out cert.key myRSA.key
Generating DSA key, 1024 bits
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
Use this CA key to create the certificate:
[root@renzhe conf]# openssl req -new -x509 -days 365 -key cert.key -out cert.pem
Enter pass phrase for cert.key: ### enter the pass phrase from the previous step here
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CN
State or Province Name (full name) [Berkshire]:GuangDong
Locality Name (eg, city) [Newbury]:GuangZhou
Organization Name (eg, company) [My Company Ltd]:Init5.cn
Organizational Unit Name (eg, section) []:security
Common Name (eg, your name or your server's hostname) []:security.init5.cn ### this should preferably match the domain name used for HTTPS
Email Address []:wulei5482@163.com
Restrict the certificate files to root only:
[root@renzhe conf]# chmod 700 cert.*
nginx can now be started, and HTTPS is accessible as expected.
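The ssl_protocols and ssl_ciphers values in the server block above still allow SSLv2, SSLv3, TLSv1 and the export, low-strength and RC4 cipher classes. The following is an added example, not part of the original post: a small Python check that flags those settings in a configuration text. The sample input is constructed from this page's server block, the function names are hypothetical, and the check reads the cipher string as written rather than asking OpenSSL what it would negotiate.

```python
import re

# Constructed sample input: the TLS directives from this page's server block.
PAGE_CONF = """
server {
    listen 443;
    ssl on;
    ssl_protocols SSLv2 SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
}
"""

DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Weak OpenSSL cipher classes, each with the keywords that name it.
WEAK_CLASSES = {"EXP": {"EXP", "EXPORT"}, "LOW": {"LOW"}, "RC4": {"RC4"}}


def directives(conf):
    """Return {name: value} for every 'ssl*' directive (last one wins)."""
    text = re.sub(r"#.*", "", conf)  # drop comments
    return dict(re.findall(r"^\s*(ssl\w*)\s+([^;]+?)\s*;", text, re.M))


def weak_cipher_classes(cipher_string):
    """Weak classes the cipher string still selects, judged from the string alone."""
    added, banned = set(), set()
    for tok in filter(None, cipher_string.split(":")):
        if tok[0] == "!":                 # '!X' removes X permanently
            banned.add(tok[1:])
        elif tok[0] not in "+-":          # '+X' only reorders, '-X' can be re-added
            added.update(tok.split("+"))  # 'RC4+RSA' means RC4 AND RSA
    return sorted(
        name for name, words in WEAK_CLASSES.items()
        if not words & banned and ("ALL" in added or words & added)
    )


def audit(conf):
    """Return a sorted list of findings for one nginx configuration text."""
    d = directives(conf)
    protocols = d.get("ssl_protocols", "").split()
    findings = [f"protocol {p}" for p in protocols if p in DEPRECATED_PROTOCOLS]
    findings += [f"cipher class {c}" for c in weak_cipher_classes(d.get("ssl_ciphers", ""))]
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(PAGE_CONF):
        print("WEAK:", finding)
```

Note that `!EXPORT56` in the page's cipher string excludes only the 56-bit export suites, so the export class as a whole is still reported.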