I'm having some questions regarding TLS and self-signed certificates with OpenLDAP 2.4.

I'm about to set up 2 OpenLDAP servers using SyncRepl for redundancy. But I can't get my head around how to correctly set up TLS and create the self-signed certificates. The "first" OpenLDAP server is the CA at the moment.

What do I provide between the LDAP servers? What do I provide to the clients to be able to authenticate to the servers?

Any help straightening this out is much appreciated!

Best regards,
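An added example (not part of the original post) of the setup the question describes: the "first" server acts as a private CA, each of the two OpenLDAP servers gets its own CA-signed certificate and key, and every other party (the SyncRepl consumer and the clients) only needs the CA certificate to verify them. Hostnames ldap1.example.com / ldap2.example.com and the /etc/ldap/certs path are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Hostnames and paths are assumed.
set -e

# Build the PKI in $1: a self-signed CA (the "first" server's CA) and one
# CA-signed certificate per OpenLDAP server. Only ca.key stays on the CA host.
make_pki() {
  dir="$1"
  mkdir -p "$dir"
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" -subj "/CN=Example LDAP CA" 2>/dev/null
  for host in ldap1.example.com ldap2.example.com; do
    openssl req -newkey rsa:2048 -nodes -keyout "$dir/$host.key" \
      -out "$dir/$host.csr" -subj "/CN=$host" 2>/dev/null
    # The SAN must match the name clients and the SyncRepl consumer connect to.
    printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/$host.ext"
    openssl x509 -req -in "$dir/$host.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
      -CAcreateserial -days 825 -extfile "$dir/$host.ext" -out "$dir/$host.crt" 2>/dev/null
    chmod 600 "$dir/$host.key"   # must also be readable by the slapd user
  done
}

# Succeeds only when the named server certificate chains to ca.crt; this is
# the check slapd, the SyncRepl consumer and ldapsearch perform on connect.
verify_cert() {
  openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1
}

# LDIF for cn=config on server $1, with the files installed under $2. Apply
# with: ldapmodify -Y EXTERNAL -H ldapi:/// -f <file>. Clients only need
# ca.crt, referenced as TLS_CACERT in ldap.conf; the SyncRepl consumer adds
# tls_cacert=<path to ca.crt> tls_reqcert=demand to its olcSyncrepl value.
tls_ldif() {
  cat <<EOF
dn: cn=config
changetype: modify
replace: olcTLSCACertificateFile
olcTLSCACertificateFile: $2/ca.crt
-
replace: olcTLSCertificateFile
olcTLSCertificateFile: $2/$1.crt
-
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: $2/$1.key
EOF
}
```

Each server receives its own .crt/.key pair plus ca.crt; nothing but ca.crt is copied to clients, and ca.key never leaves the CA host.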