A few weeks ago, around about the time of the DigiNotar compromise, I thought that it'd be really neat to have a way to inject a trusted Certificate Authority as part of post-exploitation activities. So I made one! There's currently an issue in Metasploit's issue tracker for my patch, myca, which allows for easy CA management from within meterpreter.
Myca also allows the adding and removing of entries from the Windows hosts file, which makes SSL MITM that much easier, as you no longer need to be on your victim's network. Bonus.