Unlike other parts this one was the easiest to do so I'll just give a link to this article and summarize what it does to configure TLS with Cyrus IMAP.
First let's create the certificate (it's a single file we'll need):
shell$ cd /tmp $ openssl req -new -nodes -out req.pem -keyout key.pem $ openssl rsa -in key.pem -out new.key.pem $ openssl x509 -in req.pem -out ca-cert -req -signkey new.key.pem -days 999 $ cp new.key.pem /var/imap/server.pem $ cat ca-cert >>/var/imap/server.pem $ chown cyrus:mail /var/imap/server.pem $ chmod 400 /var/imap/server.pem
And now let's add the settings to /usr/local/etc/imapd.conf:
conftls_ca_file: /var/imap/server.pem
tls_cert_file: /var/imap/server.pem
tls_key_file: /var/imap/server.pem
If you don't have secure imapd started in /usr/local/etc/cyrus.conf uncomment this line (you can have both imap and imaps running or only one of them):
confimaps cmd="imapd -s" listen="imaps" prefork=0