Moved to a GitHub repo with other helpful documents, instead of just a single gist.
This article shows you how to set up your own private certificate authority backed by a Nitrokey HSM. Other HSMs may work as well, but I was only able to test the Nitrokey version. This certificate authority has no automation and does not really scale. For automation and scalability, refer to other open source projects.