Remember to blank any passwords if you are going to use this with Apache so you don't need to input the password when the Apache service starts each time.

You can use the certs that you sign on things like pop3s and imaps servers also.

You will get warning from mail clients if you sign your own certs but just accept the cert.

It is still an encrypted connection.

openssl genrsa -out server.key 1024

Keep this safe and back it up.

You have to answer some questions here.

Just put in fake or real info it does not matter.

The only box that really matters is the one called “Common Name”. This is where you have to put the exact host and domain name in. Like for a mail server with the name mail.example.org you would put mail.example.org.

openssl req -new -key server.key -out server.csr

openssl x509 -req -days 7300 -in server.csr -signkey server.key -out server.crt