@Gabor This is a complex topic as I already mentioned! You need a lot of knowledge on different technologies and be able to debug things thoroughly. While we work on making this easier I am not sure it will ever be fail proof for everyone just because of the complexity.
Anyhow, I may ask you to re-read the wiki page. There is one part showing you how to re-build iPXE binaries using your custom CA. Whenever you change the CA and/or certs you need to recompile your iPXE binaries.