I tried a while (just this morning) to create an intermediate certificate for our UCS root certificate.
Then I decided to stick with our home-grown CA and use it for Apache/Dovecot/Postfix, as described her: Using your own SSL certificates.
Best regards
Dirk