OpenSSL
-------
When installing first, set serial by:
echo "01" > /path/to/serial

Certificate Authority
---------------------
Creating the cert:
# openssl req -new -x509 -keyout /usr/local/CQU-CA/private/CQU-CAkey.pem -out /usr/local/CQU-CA/private/CQU-CAcert.pem -keyout /usr/local/CQU-CA/private/CQU-CA/CAkey.pem

# ./bin/openssl req -config ./openssl.cnf -new -x509 -keyout /usr/local/CQU-CA/private/CQU-CAkey.pem -out /usr/local/CQU-CA/certs/CQU-CAcert.pem -days 365

Generating a 1024 bit RSA private key
.........................................................++++++
.++++++
writing new private key to '/usr/local/CQU-CA/private/CQU-CAkey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:AU
State or Province Name (full name) [Some-State]:Queensland
Locality Name (eg, city) []:Rockhampton
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Central Queensland University (CQU)
Organizational Unit Name (eg, section) []:Information Technology Division (ITD)
Common Name (eg, YOUR name) []:Central Queensland University CA
Email Address []:cqu-ca@cqu.edu.au

Converting to DER:
# openssl x509 -inform PEM -outform DER -in /usr/local/CQU-CA/private/CQU-CAcert.pem -out /usr/local/CQU-CA/private/CQU-CAcert.der

Requesting a new unencrypted cert:
# openssl req  -new -keyout newkey.pem -out newreq.pem  -days 365 -nodes  -config ./openssl.cnf

Get a cert from IIS:
# openssl x509 -req -days 365 -in certreq.txt -CA /usr/local/CQU-CA/private/CQU-CAcert.pem -CAkey /usr/local/CQU-CA/private/CQU-CAkey.pem -CAcreateserial -out new.crt

Generating webmail cert
# /usr/local/ssl/bin/openssl req -new -config ./openssl.cnf -keyout /usr/local/CQU-CA/certs/webmail-req.pem -out /usr/local/CQU-CA/certs/webmail-req.pem -nodes
# /usr/local/ssl/bin/openssl x509 -req -days 365 -in ./webmail-req.pem -CA /usr/local/CQU-CA/certs/CQU-CAcert.pem -CAkey /usr/local/CQU-CA/private/CQU-CAkey.pem -CAcreateserial -out ./webmail.crt