Generate certificate request

Use these guidelines to generate a certificate request:

If you do not have a signed server certificate, OpenSSL can be used to generate a certificate request.

# openssl req -new -nodes -keyout serverkey.pem -out serverreq.pem

The -nodes argument leaves the private key unencrypted, which OpenLDAP requires.

If your CA does not support the default PEM format of the request, specify another format with the -outform argument. For more information about certificate requests, refer to man req.

Note: Common name (CN) should exactly match the fully qualified domain name (FQDN) of the server where OpenLDAP is installed.
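
The following is an added example, not part of the original guidelines: it generates the request non-interactively and then checks the two points above, that the CN equals the server's FQDN and that the unencrypted key is readable only by its owner. The FQDN ldap.example.com, the function names, the RSA key size and the DER output file name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Function names and ldap.example.com are constructed
# placeholders; substitute the FQDN of your OpenLDAP server.

# make_csr <fqdn> <dir>: write serverkey.pem and serverreq.pem into <dir>.
make_csr() {
    fqdn=$1; dir=$2
    (
        # -nodes leaves the key unencrypted, so create it owner-only.
        umask 077
        # -newkey rsa:2048 is an assumption; the page uses OpenSSL's default.
        openssl req -new -nodes -newkey rsa:2048 \
            -subj "/CN=$fqdn" \
            -keyout "$dir/serverkey.pem" \
            -out "$dir/serverreq.pem" 2>/dev/null
    )
}

# check_csr <fqdn> <dir>: return 0 only if the request's self-signature
# verifies, its CN equals <fqdn>, and the key has no group/other permissions.
check_csr() {
    fqdn=$1; dir=$2
    openssl req -in "$dir/serverreq.pem" -noout -verify 2>&1 |
        grep -q 'verify OK' || return 1
    # RFC2253 output is comma-separated, e.g. subject=CN=host,O=Org
    cn=$(openssl req -in "$dir/serverreq.pem" -noout -subject \
             -nameopt RFC2253 |
         tr ',' '\n' | sed -n 's/^\(subject=\)\{0,1\}CN=//p' | head -n 1)
    [ "$cn" = "$fqdn" ] || return 2
    # Characters 5-10 of the mode string are the group and other bits.
    perms=$(ls -l "$dir/serverkey.pem" | cut -c5-10)
    [ "$perms" = "------" ] || return 3
}

# csr_to_der <dir>: re-encode the request with -outform for a CA that
# does not accept PEM.
csr_to_der() {
    openssl req -in "$1/serverreq.pem" -outform DER -out "$1/serverreq.der"
}

# Usage: make_csr ldap.example.com . && check_csr ldap.example.com .
```

check_csr returns 1, 2 or 3 to indicate which of the three checks failed.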