OpenSSL Certificate Authority
You can find dozens of HOWTOs online about how you can easily create your own
certificate authority. But most of them miss a very important point – for your
root CA certificate to be really regarded as "CA", it should be generated with
basicConstraints=CA:TRUE
in openssl.conf
file.
This page contains HOWTO that
helps you create a real CA, note -extensions
param to openssl req.