Installing the Certificates
Now we need to copy the certificates to the right configuration directories,
rename them at the same time (for convenience), change the ownership and
finally the permissions:
root# cp demoCA/cacert.pem /etc/openldap/
root# cp newcert.pem /etc/openldap/servercrt.pem
root# cp newreq.pem /etc/openldap/serverkey.pem
root# chown ldap:ldap /etc/openldap/*.pem
root# chmod 640 /etc/openldap/cacert.pem
root# chmod 600 /etc/openldap/serverkey.pem
Now we just need to add these locations to slapd.conf,
anywhere before the database declaration as shown here:
TLSCertificateFile /etc/openldap/servercrt.pem
TLSCertificateKeyFile /etc/openldap/serverkey.pem
TLSCACertificateFile /etc/openldap/cacert.pem
Here is the corresponding declaration for ldap.conf:
ldap.conf
TLS_CACERT /etc/openldap/cacert.pem
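
Before restarting slapd it is worth confirming that the files and directives above line up. The following script is an added example, not part of the original HOWTO: it reads the three TLS directives from a slapd.conf given as its argument, checks that each file exists and that the private key has no group or other permission bits, and offers an optional openssl check. The function names are illustrative, and it assumes directive and path are separated by whitespace with no spaces in the path.

```shell
#!/bin/sh
# Added example: audit the TLS file setup from this section.
# Function names are illustrative; run as root so the key file can be read.

# Print the path configured for a directive (keyword match is case-insensitive).
tls_path() {  # $1 = slapd.conf, $2 = directive name
    awk -v d="$2" 'tolower($1) == tolower(d) { print $2; exit }' "$1"
}

# Succeed only if the file has no group/other permission bits (e.g. mode 600).
key_is_private() {  # $1 = key file
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print findings; the return status is the number of problems found.
audit_slapd_tls() {  # $1 = slapd.conf
    conf=$1; problems=0
    for directive in TLSCertificateFile TLSCertificateKeyFile TLSCACertificateFile; do
        path=$(tls_path "$conf" "$directive")
        if [ -z "$path" ]; then
            echo "MISSING directive: $directive"; problems=$((problems + 1))
        elif [ ! -f "$path" ]; then
            echo "NOT FOUND: $directive -> $path"; problems=$((problems + 1))
        fi
    done
    keyfile=$(tls_path "$conf" TLSCertificateKeyFile)
    if [ -f "$keyfile" ] && ! key_is_private "$keyfile"; then
        echo "KEY TOO OPEN: $keyfile (expected mode 600)"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Optional: the server certificate must chain to the CA and match the key.
chain_and_key_ok() {  # $1 = slapd.conf; needs openssl and an unencrypted key
    crt=$(tls_path "$1" TLSCertificateFile)
    key=$(tls_path "$1" TLSCertificateKeyFile)
    ca=$(tls_path "$1" TLSCACertificateFile)
    openssl verify -CAfile "$ca" "$crt" >/dev/null || return 1
    [ "$(openssl x509 -noout -pubkey -in "$crt")" = \
      "$(openssl pkey -pubout -in "$key")" ]
}

# Usage: sh audit.sh /etc/openldap/slapd.conf
if [ $# -gt 0 ]; then
    audit_slapd_tls "$1" && chain_and_key_ok "$1" && echo "TLS files OK"
fi
```
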
That's all there is to it. Now on to the section called “Testing”.