Create a self signed CA (Certificate Authority)

Generate private key:

$ openssl genrsa -des3 -out CA.key 4096

To create a private key without password:

$ openssl genrsa -out CA.key 4096

Create a root certificate:

$ openssl req -x509 -new -nodes -key CA.key -sha256 -out CA.pem -subj "/CN=example.com" -days 365

In one single command create the private key and the certificate:

$ openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout CA.key -out CA.pem -subj "/CN=myCA.tld" -days 365

Import this cert in your system (trust it)

Create certificates to be signed with your CA:

Create a certificate requests .csr:

$ mkdir example.tld
$ cd example.tld
$ openssl req -newkey rsa:4096 -sha256 -nodes -keyout example.key -out example.csr -subj "/CN=example.tld"

Sign the certificate with the CA:

$ openssl x509 -days 3065 -sha256 -req -in example.csr -CA ../CA.pem -CAkey ../CA.key -set_serial 01 -out example.tld.crt