Can be done. Considered a few years ago. Approximate investment of 300,000 EURO. Although, now, perhaps much cheaper.
And there is no need to wait for the exhaust in the presence of free certificates such as Let's Encrypt and StartSSL at the present time. In short, a rotten business idea.

In general, there are several certification centers, all other intermediaries, I just accept applications.

Eee, do you want certificates "for yourself" or do you want to trade them, issue them for third-party people?
If for myself - then man openssl, as advised. Or to read to dock on screw UTs. I can give more scripts to control the CA on linux.
For sale, forget it. To trade certificates, your root certificate must be recognized by trusted hardware and software manufacturers - Google, Apple, Microsoft, Mozilla, etc. as well as "colleagues" - Comodo, GoDaddy, Network Solutions :-)