Attention: rootCA.key is the key used to sign the certificate requests, anyone holding this can sign certificates on your behalf. So keep it in a safe place! You should encrypt it with a password
openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout rootCA.key -out rootCA.cert