From: Howard Chu <hyc(a)symas.com&gt; Subject: Re: TLS init def ctx failed: -1 To: "François Mehault" <Francois.Mehault(a)netplus.fr&gt; Cc: &quot;openldap-technical(a)openldap.org&quot; <openldap-technical(a)openldap.org&gt; Date: Thursday, July 2, 2009, 7:02 AM François Mehault wrote: > > |*openssl req -newkey rsa:1024 -x509 -nodes -out server.pem -keyout > server.pem -days 365*| This is a terrible way to generate a server certificate. Instead you should generate a CA, following the steps in (the current) section 4.2.