Appendix D - Open LDAP Setup : Create an SSL Certificate
  

Create an SSL Certificate

We want to secure our connection to the LDAP server with SSL, so that outside parties cannot intercept our communications.
Since the admin interface talks to the LDAP server on the same machine over the local network, we do not need to use SSL for that connection. We just need to secure the external connection between our browser and the web server.
To do this, we just need to set up a self-signed SSL certificate that our server can use. Because no certificate authority has signed it, this will not let a browser validate the identity of the server (browsers will warn until the certificate is explicitly trusted), but it will allow us to encrypt our messages.
The OpenSSL packages should be installed on your system, by default. First, we should create a directory to hold our certificate and key:
sudo mkdir /etc/apache2/ssl
 
Next, we can create the key and certificate by executing:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
 
You will have to answer some questions in order for the utility to fill out the fields in the certificate correctly. The only one that really matters is the prompt that says Common Name (e.g. server FQDN or YOUR name). Enter your server's domain name or IP address, exactly as you will type it into the browser, since the browser compares that name against the certificate.
When you are finished, your certificate and key will be written to the /etc/apache2/ssl directory.
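The same steps as a non-interactive shell script, with the checks you would run afterwards (that the Common Name is what you intended, that the certificate matches the private key, and how long it stays valid). This is an added example, not part of the original guide; it assumes the openssl command-line tool is available, and the directory and the name ldap.example.com are placeholders for your own (run it with sudo when writing under /etc/apache2/ssl).

```shell
#!/bin/sh
# Generate and verify a self-signed certificate for Apache.
# Assumes: openssl CLI installed. Paths and CN below are placeholders.

make_self_signed_cert() {
    # $1 = output directory, $2 = Common Name (server FQDN or IP), $3 = days
    dir="$1"; cn="$2"; days="${3:-365}"
    mkdir -p "$dir"
    # -subj answers the interactive prompts; only the CN matters to browsers
    openssl req -x509 -nodes -days "$days" -newkey rsa:2048 \
        -keyout "$dir/apache.key" -out "$dir/apache.crt" \
        -subj "/CN=$cn" >/dev/null 2>&1
    # The private key must not be readable by other users on the host
    chmod 600 "$dir/apache.key"
}

cert_common_name() {
    # Print the CN from the certificate's subject (RFC2253 form: CN=value)
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 \
        | sed 's/.*CN=\([^,]*\).*/\1/'
}

cert_matches_key() {
    # Succeed only if the public key in the cert equals the one in the key file
    c=$(openssl x509 -in "$1" -noout -pubkey)
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ "$c" = "$k" ]
}

cert_valid_for_days() {
    # Succeed if the certificate will still be valid $2 days from now
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Example usage with placeholder values (constructed, not from the guide):
# make_self_signed_cert /etc/apache2/ssl ldap.example.com 365
# cert_common_name /etc/apache2/ssl/apache.crt
# cert_matches_key /etc/apache2/ssl/apache.crt /etc/apache2/ssl/apache.key
# cert_valid_for_days /etc/apache2/ssl/apache.crt 30
```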