OpenSSL

Source: https://www.ibm.com/docs/en/runbook-automation?topic=certificate-generate-root-ca-key

This is for experimentation/tinkering/lab, not production. Using proper certs from the start of a project is good practice so even if this is insecure.

openssl genrsa -out rootCAKey.pem 4096
openssl req -x509 -sha256 -new -nodes -key rootCAKey.pem -days 3650 -out rootCACert.pem
openssl x509 -in rootCACert.pem -text

There is the -passin file:password.txt option and more in order to make generating new certs easier.