You can find dozens of HOWTOs online about how you can easily create your own certificate authority. But most of them miss a very important point – for your root CA certificate to be really regarded as "CA", it should be generated with basicConstraints=CA:TRUE in openssl.conf file.

This page contains HOWTO that helps you create a real CA, note -extensions param to openssl req.