You should probably read the Wikipedia article for
Certificate signing request (CSR). If you're gonna have clients from all over using this Web-based email service, then using a certificate signed by a third party CA (instead of self-signed) is almost certainly your best option. There's tons of CAs and I'd recommend just reading some reviews, such as
these, for example (that site also has tons of other useful information about SSL certificates). You can find instructions for generating CSRs right on any CA's website. For example, VeriSign has theirs posted
here.