RSA keys were okay in their day, but they do have their disadvantages. (I'll cover this more in just a bit.) Elliptic Curve (EC) keys are superior in pretty much every way. So, let's now create a self-signed certificate with an EC key, instead of with an RSA key, like so:

openssl req -new -x509 -nodes -newkey ec:<(openssl ecparam -name secp384r1) -keyout cert.key.x509 -out cert.crt -days 3650

The only part of this that's different is the ec:<(openssl ecparam -name secp384r1) part. It looks strange, but it's really quite logical. When creating an EC key, you have to specify a parameter with the ecparam command. You'll normally see this as two separate openssl commands, but it's handier to combine the two commands together as one command within another command. The inner openssl command is feeding its output back to the outer openssl command via the input redirection symbol (<). The -name secp384r1 part means that we're creating a 384-bit EC key with the secp384 named curve algorithm.