
To generate the self-signed mail server certificate:

    $ openssl req -new -newkey rsa:4096 -x509 -sha256 -days 358201 -nodes -out mail.crt -keyout mail.key -extensions usr_cert -subj /CN=janet.server.dxld.at -addext "subjectAltName = DNS:janet.servers.dxld.at,DNS:janet.pub.dxld.at,DNS:janet.clients.dxld.at,DNS:mail.dxld.at,DNS:mail.darkboxed.org"

To view multiple certificates:

    openssl crl2pkcs7 -nocrl -certfile trusted.crt | openssl pkcs7 -print_certs -text -noout
