OpenSSL

Intended Audience
This article is targeted towards those already familiar with general system administration, the concepts of SSL, and it's implementation. The commands are setup so the process can be completed quickly by simply replacing references, with the relevant hostname.

Installation
If you have the 'ssl' use flag on anything, then OpenSSL is probably already have this installed, but just in case:

Create the Root Certificate Authority (CA)
This will create the needed directories and enter the new directory.

Next, create a basic configuration file for the CA.

Set an environment variable so OpenSSL knows to use the file just created

Now generate your CA key and certificate. OpenSSL will use the above environment variable to source the various settings required. When prompted for a password, use a strong one. This password is very important, be safe.

Creating and Signing a Daemon Key and Certificate
First, a configuration file needs to be created for this service.

Then export the environment variable so openssl uses the right configuration file.

Generate the key and Certificate Request

Strip the passphrase so daemons don't hang on startup. This is not needed if your service can handle passphrases (e.g. Dovecot).

Set the environment variable to use the CA configuration file from above.

Sign the certificate.

Remove the trash