
See dektz's reply. Companies create their own CA cert (you can do that using e.g. openssl) and use domain policies to install it on every machine they control. Then they can set up a proxy that takes the CA cert and dynamically generates certs for each domain that is accessed over HTTPS (Squid can do that).


So this article is suggesting that this practice is wrong and will not be tolerated or that the root CA authorities should not be the ones to generate the certificates?


No.

There is nothing wrong with creating your own CA root certificate and installing it on computers you use. People do this all the time. For instance, web testing proxies all synthesize a fake CA root cert, because otherwise they wouldn't be able to run tests against HTTPS sites.

What happened here was, a company didn't want to go through the (significant) bother of installing something in thousands of computer systems. So they did an end run around the system and got a complicit CA to in effect add them to the global Internet CA root system, which they had no business being a part of. Since the certificate they minted in this process appeared to browsers to be a real, signed, chained-from-the-roots CA=YES cert --- something nobody can make for themselves, not being able to do that being the whole point of SSL/TLS --- they didn't have to install anything. On any computer. Anywhere on the Internet.
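
The distinction drawn in the comment above, as an added example that is not part of the thread: a throwaway PKI built with openssl, where a certificate under a private root is accepted only on machines that have that root installed, while one under a CA:TRUE certificate chained to a widely trusted root is accepted anywhere. All names (public-root, corp-root, corp-subca, leaf-a, leaf-b) are constructed, and public-root only stands in for a root that browsers ship.

```shell
#!/usr/bin/env bash
# Constructed demo PKI: every name below is made up for illustration.
set -eu
D=$(mktemp -d); trap 'rm -rf "$D"' EXIT
cat > "$D/x.cnf" <<'EOF'
[req]
distinguished_name = req
[ca]
basicConstraints = critical,CA:TRUE
[leaf]
basicConstraints = critical,CA:FALSE
EOF

# root NAME: self-signed CA, the kind anyone can create for internal use
root() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$1" \
    -config "$D/x.cnf" -extensions ca \
    -keyout "$D/$1.key" -out "$D/$1.crt" 2>/dev/null
}
# issue NAME ISSUER EXT: certificate for NAME signed by ISSUER (EXT: ca | leaf)
issue() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -config "$D/x.cnf" -keyout "$D/$1.key" -out "$D/$1.csr" 2>/dev/null
  openssl x509 -req -in "$D/$1.csr" -CA "$D/$2.crt" -CAkey "$D/$2.key" \
    -set_serial 1 -days 2 -extfile "$D/x.cnf" -extensions "$3" \
    -out "$D/$1.crt" 2>/dev/null
}
# trusted STORE LEAF [INTERMEDIATE]: would a machine with STORE accept LEAF?
trusted() {
  openssl verify -CAfile "$D/$1" ${3:+-untrusted "$D/$3.crt"} \
    "$D/$2.crt" >/dev/null 2>&1
}

root public-root                  # stand-in for a root shipped with browsers
root corp-root                    # company CA, trusted only where installed
issue leaf-a corp-root leaf       # proxy-generated cert under the private CA
issue corp-subca public-root ca   # CA:TRUE cert chained to the public root
issue leaf-b corp-subca leaf      # cert minted under that subordinate CA
cat "$D/public-root.crt" > "$D/outside.pem"                    # any machine
cat "$D/public-root.crt" "$D/corp-root.crt" > "$D/managed.pem" # company machine

for c in "managed.pem leaf-a" "outside.pem leaf-a" \
         "outside.pem leaf-b corp-subca"; do
  if trusted $c; then echo "ACCEPT $c"; else echo "REJECT $c"; fi
done
```

The third case is the one the comment describes: nothing was installed on the outside machine, yet the chain validates because corp-subca carries CA:TRUE and chains to a root already in the store.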



