SSL certificates for imap and pop

These instructions apply to imap-uw.

Certificate files are placed in /usr/local/certs, with a file name consisting of the server name and a suffix of “.pem”. For example, install the imapd certificate as /usr/local/certs/imapd.pem and the ipop3d certificate as /usr/local/certs/ipop3d.pem. Because these files hold a private key, they should be protected so that ordinary users cannot read them. It is permissible for imapd.pem and ipop3d.pem to be links to the same file.

The imapd.pem and ipop3d.pem files must each contain a private key and a certificate. The private key must not be encrypted.

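The following openssl command creates a self-signed certificate with a 10-year expiration. The -nodes option leaves the private key unencrypted, and naming the same file for -out and -keyout puts the key and the certificate together in imapd.pem: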
openssl req -new -x509 -nodes -out imapd.pem -keyout imapd.pem -days 3650
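
The requirements above (key and certificate in one file, key not encrypted, file not readable by other users, links allowed) can be checked with a short script. This is an added example, not part of the original page or of imap-uw; check_mail_pem and make_sample are hypothetical helper names, and the sample files are constructed placeholders rather than real key material. It inspects only the PEM markers and the file mode.

```shell
#!/bin/sh
# Added example: check_mail_pem is a hypothetical helper, not part of imap-uw.
# It prints one verdict for a combined key+certificate file and returns
# non-zero when a requirement from the text is not met.
check_mail_pem() {
    f=$1
    [ -r "$f" ] || { echo "unreadable"; return 1; }
    # An encrypted key is either a PKCS#8 "ENCRYPTED PRIVATE KEY" block or a
    # traditional key block carrying a "Proc-Type: 4,ENCRYPTED" header.
    # This test must come first: the generic key pattern below would also
    # match the PKCS#8 encrypted marker.
    if grep -Eq -e '-----BEGIN ENCRYPTED PRIVATE KEY-----|^Proc-Type: 4,ENCRYPTED' "$f"; then
        echo "encrypted-key"; return 1
    fi
    grep -Eq -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$f" || { echo "no-key"; return 1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$f" || { echo "no-cert"; return 1; }
    # Characters 5-10 of the mode string are the group and other bits.
    # -L follows a link such as ipop3d.pem -> imapd.pem to the real file.
    perms=$(ls -ldL "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "loose-perms"; return 1; }
    echo "ok"
}

# Constructed sample writer: PEM markers around a placeholder body
# (base64 of the word CONSTRUCTED), not real key material.
make_sample() {  # usage: make_sample <path> <key-block-label> <mode>
    printf '%s\n' "-----BEGIN $2-----" "Q09OU1RSVUNURUQ=" "-----END $2-----" \
        "-----BEGIN CERTIFICATE-----" "Q09OU1RSVUNURUQ=" \
        "-----END CERTIFICATE-----" > "$1"
    chmod "$3" "$1"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir/imapd.pem" "PRIVATE KEY" 600
ln -s imapd.pem "$demo_dir/ipop3d.pem"     # both servers share one file
make_sample "$demo_dir/world.pem" "PRIVATE KEY" 644
make_sample "$demo_dir/enc.pem" "ENCRYPTED PRIVATE KEY" 600
for f in imapd.pem ipop3d.pem world.pem enc.pem; do
    printf '%s: %s\n' "$f" "$(check_mail_pem "$demo_dir/$f" || true)"
done
rm -rf "$demo_dir"
```

On a real server, call check_mail_pem on /usr/local/certs/imapd.pem and /usr/local/certs/ipop3d.pem after installing them.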