## ldap.labka.cz
# 10> Import kořenového certifikátu CA
$ openssl pkcs12 -in CA.pfx -nocerts -out myCA.key
$ openssl rsa -in myCA.key -out myCA.decrypted.key
$ openssl pkcs12 -in CA.pfx -clcerts -nokeys -out myCA.crt
$ update-ca-trust enable
$ cp myCA.crt /etc/pki/ca-trust/source/anchors/
$ update-ca-trust extract
$ openssl verify myCA.crt

# 11> Import certifikátu LDAPS
$ openssl pkcs12 -in ldaps.pfx -nocerts -out ldaps.key
$ openssl rsa -in ldaps.key -out ldaps.decrypted.key
$ openssl pkcs12 -in ldaps.pfx -clcerts -nokeys -out ldaps.crt
$ cp ldaps.key \
 /etc/pki/tls/certs/ldaps.crt \
 /etc/pki/tls/certs/myCA.crt \
 /etc/openldap/certs/ 
$ update-ca-certificates
$ openssl verify ldaps.crt

# 12> Ověř LDAPS spojeni
$ adtool list 'ou=People,dc=labka,dc=cz'