Please show us our configuration files and steps. Maybe I can help you with that.

Hi
SSL-customization guide is excellent, but part of the LDAP setup is not complete...
After i simply change the settings SLAPD-service also does not start. As a result - no access to the panel or to the mailboxes. After returning SSL settings for SLAPD to their original values service successfully started and access restored:
TLSCACertificateFile /etc/pki/tls/certs/server.ca-bundle
TLSCertificateFile /etc/pki/tls/certs/server.crt
TLSCertificateKeyFile /etc/pki/tls/private/server.key

As I understand it, we must also import information about the filenames of new certificates into the LDAP-schema. Can you complete this part of your guide?

My cert/key have :   -rw-r--r-- (root:root)
Apache, dovecot and postfix sucsessfully started and works with my certs/key.

I corrected my original phrase. I wanted to say "... we must also import information about the filenames of new certificates into the LDAP-schema ..."

I doubt
iRedMail.crt certificate is installed by default with such rights as I have. My certificate was originally rights 0600 (owners root: root). then I changed them in different combinations, but with my certificates SLAPD does not start.

This blog is not very fresh, but it is the most complete description of the actions of those that I have found:
http://rogermoffatt.com/2011/08/24/ubun … th-ssltls/

I have not tried this method, because I would like to get advice from the developers.

With old (original) iRedMail cert/key files i have not any problems. I need set my own sert/key, but i cannot with your guide (only for SLAPD).
Can you help?

root@server11:/etc/ldap# service slapd restart
Job for slapd.service failed. See 'systemctl status slapd.service' and 'journalctl -xn' for details.
root@server11:/etc/ldap# journalctl -xn | grep ldap
                                                  buildd@babin:/build/openldap-nFTO9j/openldap-2.4.40+dfsg/debian/build/servers/slapd
root@server11:/etc/ldap# journalctl -xn | grep slap
окт 27 08:16:03 server11 slapd[790]: DIGEST-MD5 common mech free
окт 27 08:16:03 server11 slapd[18100]: Stopping OpenLDAP: slapd.
окт 27 08:16:03 server11 slapd[18108]: @(#) $OpenLDAP: slapd  (Sep 11 2015 15:11:55) $
                                                  buildd@babin:/build/openldap-nFTO9j/openldap-2.4.40+dfsg/debian/build/servers/slapd
окт 27 08:16:03 server11 slapd[18108]: DIGEST-MD5 common mech free
окт 27 08:16:03 server11 slapd[18105]: Starting OpenLDAP: slapd failed!
окт 27 08:16:03 server11 systemd[1]: slapd.service: control process exited, code=exited status=1
-- Subject: Ошибка юнита slapd.service
-- Произошел сбой юнита slapd.service.
окт 27 08:16:03 server11 systemd[1]: Unit slapd.service entered failed state.
root@server11:/etc/ldap#

here you are (see picture in attachment)

my apache, dovecot and postfix no need any password to start with my certificate

all ok but service not starts