Create and configure a certification authority. But no one will trust your certificates, except for those computers on which you add your root certificate to the trusted list (this is convenient to do within the enterprise, if the root certificate is distributed through group policy, for internal resources accessible only from inside the organization, from the outside - no one to trust will not).

Open SSL CA
Windows CA Role
In principle, enough to get started. And there and there are a bunch of manuals. In principle, this is not even an engineering task, but a purely organizational one.

If for Windows and on Windows - I add Vladimir Korotenko to the answer - the CA equipment for work is quite convenient. Not exactly right, but you can work if you find a software that generates CSR.
If for linux - openssl ca (man ca). Openssl.conf is created, thoughtfully configured, then you take it and release it.
In shaggy times, I wrote a set of scripts for this, I can share :)
Yes, about trust. They will be suitable only for debugging, since no one will believe them until you put your CA certificate in the root - in Windows, by the way, this is automatically done for domain computers.