How to generate self-signed ECDSA CA certificate non-interactively using OpenSSL

This post uses -newkey syntax from How to create ECDSA P-384 (secp384r1) using OpenSSL (-newkey)

The following command will generate a self-signed CA certificate using a ECDSA P-384 key withou any interactive questions. All parameters are given on the command line.

openssl req -newkey ec:<(openssl ecparam -name secp384r1) -nodes -x509 -keyout ca.key -out ca.pem -days 365000 -subj '/'

Note that you don’t have to use a domain name as CN (common name). There are few requirements for CAs in general but depending on for what – and with what software – you’ll use the CA, the requirements may vary.