It's truly amazing how many dumb things you can do (http://www.usenix.org/events/sec02/full_papers/gutmann/gutmann_html/) when working with cryptography.
Among other things, installing your root CA private key into visitor's web browsers is a Bad Idea. See above for more...