# generate CA
openssl x509 req -config /usr/ssl/openssl.cnf -new -days 365 -keyout private/cakey.pem -out certs/cacert.pem
# gen certificate
openssl x509 req -config /usr/ssl/openssl.cnf -new -days 365 -keyout private/mailkey.pem -out certs/mailcert.pem -nodes

# make cert into req/cert
openssl x509 -x509toreq -in private/mailkey.pem -signkey private/mailkey.pem -out req.pem
# sign it
openssl ca -config /usr/ssl/openssl.cnf -policy policy_anything -out certs/mailcert.pem -infiles req.pem
rm req.pem
                                        
# create the cert/key for sendmail
cd /usr/ssl
openssl req -new -x509 -nodes -out certs/mailcert.pem -keyout private/mailkey.pem -days 365
chmod 600 private/mailkey.pem

# sign the cert for sendmail
cat private/mailkey.pem >> certs/mailcert.pem
openssl x509 -x509toreq -in certs/mailcert.pem -signkey certs/mailcert.pem -out tmp.pem
openssl ca -policy policy_anything -out certs/mailcert2.pem -infiles tmp.pem