Web - Being your own CA and SSL Certs for Apache


2002-11-20
I - Being your own CA

If you installed the system sources you can find CA.sh in /usr/src/crypto/openssl/apps. Otherwise you can install the port:

# cd /usr/ports/security/openssl
# make install

# cd /usr/local/openssl/misc
# ./CA.sh -newca

The CA.sh script will ask you a series of questions. The answers I used were:
Country: US
State: California
Locality: Highland
Organizational Name: Plumbing Co
Organizational Unit Name: Daemon Hunters
Common Name: PLUMBING CA

This generates the CA certificate, demoCA/cacert.pem, and the CA private key, demoCA/private/cakey.pem, protected by the passphrase you chose. Put cacert.pem someplace where users can download it and import it into their browsers; the private key never leaves the CA machine.

I copied cacert.pem to /home/webmail/squirrelmail-1.2.9/csci.cacert and added the following line to the end of “/usr/local/apache2/conf/mime.types”, so that Apache serves files with the .cacert extension under the MIME type browsers recognize as a CA certificate to import:

application/x-x509-ca-cert cacert

II - Creating an SSL Certificate for Apache

Generate the server's private key and a certificate signing request (CSR). The -nodes option writes the key unencrypted so Apache can start without a passphrase; keep it readable by root only. Note that -days is ignored when generating a CSR (it only applies with -x509); the certificate's lifetime is set when the CA signs the request.

# cd /usr/local/openssl/misc
# openssl req -new -nodes -keyout key.pem -out req.pem -days 365

Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:California
Locality Name (eg, city) []:Highland
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Plumbing Co
Organizational Unit Name (eg, section) []:Web Folks
Common Name (eg, YOUR name) []:mail.akxnet.org
Email Address []:admin@akxnet.org

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:[enter]
An optional company name []:[enter]

Sign the request with your CA. Run this from the directory that contains demoCA (created by CA.sh -newca), since the default openssl.cnf looks for the CA's files under ./demoCA. You will be prompted for the CA key passphrase and asked to confirm before the certificate is written:

# openssl ca -policy policy_anything -out cert.pem -infiles req.pem

III - Configure Apache

# cp cert.pem /usr/local/etc/apache2/
# cp key.pem /usr/local/etc/apache2/

Edit the following lines in /usr/local/etc/apache2/ …

# vi /usr/local/etc/apache2/ssl.conf

SSLCertificateFile /usr/local/etc/apache2/cert.pem
SSLCertificateKeyFile /usr/local/etc/apache2/key.pem

To start Apache with SSL type…

# apachectl stop
# apachectl startssl

Note: To restart Apache DO NOT USE “apachectl restart”. You must completely stop Apache then start it back up with “startssl”

Browsers warn because the server certificate is signed by a CA they do not yet trust. If you don’t want the warning to pop up each time someone visits your site, point users at a URL that serves your CA certificate (cacert.pem) so they can import it; once the CA is trusted, every certificate it signs is accepted, as long as the Common Name matches the host name in the URL.

To output a copy of the CA certificate in DER (binary) form, which some browsers expect when importing a CA certificate:

# openssl x509 -in cacert.pem -inform pem -out cacert.der -outform der
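The whole procedure above (CA.sh -newca, the server CSR, signing with openssl ca, and the DER export) as one unattended script. This is an added example, not the page's own commands or CA.sh: the minimal openssl.cnf it writes is an assumption standing in for the distribution's default config that CA.sh relies on, the CA key is created with -nodes only so the example runs without a prompt (a real CA key should be passphrase-protected as CA.sh does), and it goes beyond the page by adding a subjectAltName for the host, 2048-bit keys, sha256, and a verification step that checks the signed certificate against the CA the way a browser with cacert.pem imported would. Names (PLUMBING CA, mail.akxnet.org) follow the page; everything is written to a scratch directory.

```shell
#!/bin/sh
# Added example: the CA.sh -newca, openssl req and openssl ca steps as plain
# openssl commands that run unattended. Not the page's own script.
set -e

WORK=${WORK:-$(mktemp -d)}     # scratch directory so no real CA is touched
CA_DIR=$WORK/demoCA            # same layout CA.sh -newca creates
CNF=$CA_DIR/openssl.cnf        # assumed minimal config, written below

# Create the demoCA layout plus a config with just the sections openssl ca needs.
ca_init() {
  mkdir -p "$CA_DIR/certs" "$CA_DIR/newcerts" "$CA_DIR/private"
  chmod 700 "$CA_DIR/private"
  : > "$CA_DIR/index.txt"      # database of issued certificates
  echo 01 > "$CA_DIR/serial"   # next serial number
  cat > "$CNF" <<EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = $CA_DIR
certs = \$dir/certs
new_certs_dir = \$dir/newcerts
database = \$dir/index.txt
serial = \$dir/serial
certificate = \$dir/cacert.pem
private_key = \$dir/private/cakey.pem
default_days = 365
default_md = sha256
policy = policy_anything
unique_subject = no
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ req ]
default_bits = 2048
distinguished_name = req_dn
x509_extensions = v3_ca
[ req_dn ]
commonName = Common Name (supplied with -subj below)
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
  # Self-signed CA certificate. CA.sh prompts for a passphrase here; -nodes is
  # used only so this runs unattended. A real CA key should be encrypted.
  openssl req -x509 -new -nodes -days 3650 -config "$CNF" \
    -keyout "$CA_DIR/private/cakey.pem" -out "$CA_DIR/cacert.pem" \
    -subj "/C=US/ST=California/L=Highland/O=Plumbing Co/OU=Daemon Hunters/CN=PLUMBING CA" 2>/dev/null
}

# Server key and CSR. -days would be ignored here: validity is set at signing.
server_csr() {   # $1 = host name, used as the CN
  openssl req -new -nodes -config "$CNF" -keyout "$WORK/key.pem" -out "$WORK/req.pem" \
    -subj "/C=US/ST=California/L=Highland/O=Plumbing Co/OU=Web Folks/CN=$1/emailAddress=admin@akxnet.org" 2>/dev/null
  chmod 600 "$WORK/key.pem"    # -nodes leaves the key unencrypted; restrict it
}

# Sign the CSR with the CA, adding server extensions and a SAN for the host
# (the SAN is beyond the page; current browsers require it alongside the CN).
ca_sign() {      # $1 = host name
  printf '%s\n' '[ server_cert ]' 'basicConstraints = CA:FALSE' \
    'keyUsage = critical, digitalSignature, keyEncipherment' \
    'extendedKeyUsage = serverAuth' "subjectAltName = DNS:$1" > "$WORK/server.ext"
  openssl ca -batch -config "$CNF" -policy policy_anything -days 365 -notext \
    -extfile "$WORK/server.ext" -extensions server_cert \
    -in "$WORK/req.pem" -out "$WORK/cert.pem" 2>/dev/null
}

# Check the chain and host name the way a browser that imported cacert.pem would.
verify_server_cert() {   # $1 = certificate file, $2 = expected host name
  openssl verify -CAfile "$CA_DIR/cacert.pem" -verify_hostname "$2" "$1" >/dev/null 2>&1
}

# Common Name of a certificate's subject or issuer ($1 = subject|issuer, $2 = file).
cert_cn() {
  openssl x509 -in "$2" -noout "-$1" -nameopt multiline | sed -n 's/^ *commonName *= *//p'
}

# DER copy of the CA certificate for browsers that want the binary form.
export_ca_der() {        # $1 = output file
  openssl x509 -in "$CA_DIR/cacert.pem" -inform pem -out "$1" -outform der
}

ca_init
server_csr mail.akxnet.org
ca_sign mail.akxnet.org
export_ca_der "$WORK/cacert.der"
verify_server_cert "$WORK/cert.pem" mail.akxnet.org
echo "$WORK/cert.pem for $(cert_cn subject "$WORK/cert.pem") verifies against $(cert_cn issuer "$WORK/cert.pem")"
```

The resulting $WORK/key.pem and $WORK/cert.pem are what section III copies into the Apache directory as SSLCertificateKeyFile and SSLCertificateFile; verify_server_cert failing for any other host name is the same mismatch a browser reports when the certificate's name does not match the URL.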