For each and every point you listed there is a mass of documentation available.
You should be able to install openssl on the Omega2+ (from LEDE repos or directly Omega repos), which gives you the means to generate what every certificate you like. You haven't mentioned what kind of certificate you need, with what cryptographic parameters (RSA/ECC, curves, modulo length, hash algorithm, ciphersuites and key exchanges to be supported,...). Actually you don't even have to install and use openssl on the Omega2+, you can generate the keys and certificates off-site.
For web server (and uhttpd-mod-tls) documentation seehttps://wiki.openwrt.org/doc/uci/uhttpd https://wiki.openwrt.org/doc/howto/certificates.overview
Introduction to OpenSSL certificate creation: https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs