tls self-signed certificates

[Craig White]

How do people generate self-signed certificates as this no longer works
for me...

#### generate cyrus certificate ####
openssl req -config /etc/ssl/openssl.cnf \
-new -x509 -nodes \
-out /etc/ssl/cyrus-global.pem \
-keyout /etc/ssl/cyrus-global.pem \
-days 3650
openssl gendh 512 >> /etc/ssl/cyrus-global.pem

and I used to use this cyrus-global.pem for both tls_cert_file and
tls_key_file...

tls_cert_file: /etc/ssl/cyrus-global.pem
tls_key_file: /etc/ssl/cyrus-global.pem
tls_ca_file: /etc/ssl/private/cacert.pem

but this fails...
Oct 16 08:22:47 spot imaps[7905]: imaps TLS negotiation failed:
ip68-230-71-199.ph.ph.cox.net [68.230.71.199]
Oct 16 08:22:47 spot imaps[7905]: Fatal error: tls_start_servertls()
failed

suggestions anyone?

Craig