I assume you mean a self signed certificate? If so, by running this command, when prompted for Common Name set it to mail.yourdomain.com
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365
That will sign a cert for 365 days, if you dont want a passphrase on the key (which you probably dont if the cert is for a mailserver), add the -nodes option.
Don't forget to make sure the permissions are correct on your key file.