I recently followed this guide to create a custom CA root certificate: http://sial.org/howto/openssl/ca/
One thing that is missing is how to install the certificate on all client machines.
The best I could come up with was to append the certificate to the CA bundle supplied with openssl:
openssl x509 -in ca-cert.pem -text >> /etc/pki/tls/certs/ca-bundle.crt
Anyone got a better idea?