First genarate RSA private key.
Use 2048 bit or even better 4096 bit key
openssl genrsa 2048 > host.key
Now generate signing request.
enter *.domain.com for the Common Name
openssl req -new -x509 -nodes -sha256 -days 3650 -key host.key > host.crt
Now sign and generate certificate
openssl x509 -noout -fingerprint -text < host.crt > host.info
Finally you can bundle the data
cat host.cert host.key > host.pem