It is actually fairly easy. Default openssl options (on Ubuntu) points the CA to ./demoCA (a folder called "demoCA" in the currrent folder).
Create a CA:
mkdir certs private newcerts
echo 1000 > serial
openssl req -new -x509 -days 3652 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem
Generate a CSR - on the folder containing "demoCA" folder:
openssl req -out A.csr -new -newkey rsa:2048 -keyout A.key
Sign the CSR with the CA - on the folder containing "demoCA" folder and A.csr:
openssl ca -out A.pem -infiles A.csr
Some time your device may only accept PKCS#12 format. Once you have the key and the cert, you can convert it to PKCS#12:
openssl pkcs12 -export -in A.pem -inkey A.key -out A.p12 -name "A"
In order for your device to trust the cert (A.pem or A.p12), you will need to import the CA cert (./demoCA/cacert.pem).