This is an old revision of the document!
Generate the private key <source lang="bash"> openssl genrsa -out domain.sihnon.net.key 1024 </source>
Generate the Certificate Signing Request <source lang="bash"> openssl req -new -key domain.sihnon.net.key -out domain.sihnon.net.csr </source>
Send the CSR to cacert.org, and cat the result into domain.sihnon.net.pem.
Set up the server to use the .key and .pem files.
Courier expects the key and the certificate in the same file, along with some Diffie-Hellman parameters <source lang="bash"> cat domain.sihnon.net.key domain.sihnon.net.pem > domain.sihnon.net.courier.pem openssl gendh >> domain.sihnon.net.courier.pem </source>