In 2013, I wrote a series of four blog posts describing how to act as your own certificate authority using the OpenSSL command-line tools. Interestingly, traffic to the series increased significantly after the Heartbleed vulnerability.
I’ve recently made many improvements and additions. The series is now available as a standalone document titled OpenSSL Certificate Authority. Make sure you check it out!