First of all create a self-signed certificate by following the instructions at http://www.eclectica.ca/howto/ssl-cert-howto.php. I copied the private key and the certificates to /etc/ldap. Please make sure that the
private key is only readable by root.

Next add the following lines to /etc/ldap/slapd.conf:

TLSCaCertificateFile /etc/ldap/cacert.pem
TLSCertificateFile /etc/ldap/cert.pem
TLSCertificateKeyFile /etc/ldap/cert.key


Finally make sure that the LDAP server is listening at the ldaps port (636) by editing /etc/default/slapd
and restarting the LDAP server.


ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub


Display certificate request:

openssl req -noout -text -in /etc/apache2/ssl/server2007.csr


Display to whom it was issued from PEM file:

openssl x509 -noout -in imapd.pem -subject


Display certificate:

openssl x509 -noout -text -in /etc/apache2/ssl/server2007.crt


Create key:

openssl genrsa 1024 > www.linuxia.de.key


Create certificate request from existing key:

openssl req -new -key www.linuxia.de.key -out server2007.csr