Before we do anything, we need to generate a key and a certificate. Go actually has a pretty awesome utility that can generate keys and certificates for us just in Go, but, before we look at that, let's take a look at how we would traditionally generate a certificate using openssl:
openssl genrsa -aes256 -out key.pem 4096
This will generate a key in PEM format, which uses the RSA algorithm with a 4096 bit size; the key will be encrypted using the aes256 format, and will prompt you for a password. However, we also need an X.509 certificate that will be used with this key; to generate this, we can again use openssl and execute the following command:
openssl req -new -x509 -sha256 -key key.pem -out certificate.pem -days ...