OpenSSL
From ArchWiki
Creating a self signed certificate
Generating the DSA key parameters:
openssl dsaparam -rand -genkey -out thekey.key 4096
Next, generating the actual key:
openssl gendsa -aes128 -out ca_key.key thekey.key
Finally wrapping everything up and making the certificate:
openssl req -new -x509 -days 365 -key ca_key.key -out certificate.cert
More details at:
FreeBSD Handbook OpenSSL HowTo