Most SSL Certificates are used on public facing devices and are provided by large companies which specialize in this. For example, this web site uses an SSL certificate provided by https://letsencrypt.org/Let's Encrypt, an organization the provides free SSL Certificates and is supported by donations.

However, in many cases it is useful to have SSL certificates in your Local Area Network (LAN), and these can not readily be provided by the public SSL organizations. They are designed for situations where you can prove ownership of a publicly visible service, like a web site or mail server.

There are a few companies which provide this service, but the cost generally exceeds what most businesses are willing to spend, and as an alternative, it is easy to simply create your own Certificate of Authority (CA), add the public portion of that to all of your internal computers, and use that CA to generate certificates for your internal servers.

The steps to implementing a private, LAN based set of certificates is fairly straight forward.

1. Install OpenSSL on a computer
   1. Almost all Unix systems (Linux, BSD, MacOS) have it pre-installed
   2. Windows systems, I'm not sure about since it is a cracker paradise. I'll try to put whatever I can find in SSL Program for Windows
2. Create a private Certificate of Authority
3. Install the PEM file created above onto all machines which will be making a connection.
4. For each service you need secure
   1. Create a site certificate and sign it with the CA above
   2. Copy the site certificate files to the servers containing the service

At this point, you should be able to access all services using SSL (https, smtps, ftps, imaps).