Well, I have succeeding in getting SSL going and the howto is very helpful for this: http://directory.fedora.redhat.com/wiki/Howto:SSL and in particular the script: setupssl.sh http://directory.fedora.redhat.com/download/setupssl.sh In doing so I came across a number of gotchas which might help others. (1) The script uses "ldapmodify" from the openldap-clients package and not from the fedora-ds/shared/bin supplied one. The options are different and ldapmodify needs to be in the path. I've no idea why. (2) The script almost does everything for you. In particular you will find in /opt/fedora-ds/alias the cacert.asc file which you need to give to the clients. You do not need to export it which was just as well as the command given in the howto did not work for me. (3) The default names of the certificates are not correct if you want to ensure that the administrator console is encrypted too. You need to cd /opt/fedora-ds/alias cp admin-serv-serverID-cert8.db admin-serv-hostname-cert8.db cp admin-serv-serverID-key3.db admin-serv-hostname-key3.db where you replace serverID by your serverID name and hostname by the first part of your hostname. If I was confident that these points were not my mistakes, or were peculiarities of my setup then I'd update the wiki. Andy
