the Keychain / X509Anchors tip above does not help with the actual SSL certificates but rather works for CA (Certificate Authority) Certificates - that is: certificates used to sign other certificates...

So you need to create two certificates yourself: one CA and one actual SSL certificate for use in your imapd (or httpd or whatever). Use the private part of the CA to sign the other and hand the public part of the CA certificate out to all clients.

No, you don't.

The above method works fine. You can EITHER import CA or host certificates to the X509Anchors file.

I imported the self-signed cert and I'm still getting the warning everytime I start mail.

---
Everyone loves a clown, but no one will lend him money!

Me too.

I used the openssl command to generate the X509 cert from my .pem file on the mailserver, and imported it to the x509 anchors in Keychain Access. Mail still whines every time it opens.

I was also unable to option-drag the cert from the Mail's warning dialog; using the option key, I get a generic document icon to drag, but it doesn't save to the desktop when I drop it there. If I don't hold down option I get a useless text clipping with the contents of the certificate information field.

On another mac also running panther, option dragging caused the system to briefly hang, and in a strange graphics error, the document icon now remains above all other applications, unclickable and useless.

A "remember this cert" button in the mail client world certainly be a nice thing to have.