diff --git a/ldap.conf b/ldap.conf
index 84bddc1..3069535 100644
--- a/ldap.conf
+++ b/ldap.conf
@@ -12,7 +12,10 @@
 #TIMELIMIT 15
 #DEREF never
-TLS_CACERTDIR /etc/openldap/certs
+# When no CA certificates are specified the Shared System Certificates
+# are in use. In order to have these available along with the ones specified
+# by TLS_CACERTDIR one has to include them explicitly:
+#TLS_CACERT /etc/pki/tls/cert.pem
 # Turning this off breaks GSSAPI used with krb5 when rdns = false
 SASL_NOCANON on
diff --git a/slapd.ldif b/slapd.ldif
index 4105131..b9ba4f9 100644
--- a/slapd.ldif
+++ b/slapd.ldif
@@ -9,9 +9,14 @@ cn: config
 #
 # TLS settings
 #
-olcTLSCACertificatePath: /etc/openldap/certs
-olcTLSCertificateFile: "OpenLDAP Server"
-olcTLSCertificateKeyFile: /etc/openldap/certs/password
+# When no CA certificates are specified the Shared System Certificates
+# are in use. In order to have these available along with the ones specified
+# by oclTLSCACertificatePath one has to include them explicitly:
+#olcTLSCACertificateFile: /etc/pki/tls/cert.pem
+#
+# Private cert and key are not pregenerated.
+#olcTLSCertificateFile:
+#olcTLSCertificateKeyFile:
 #
 # Do not enable referrals until AFTER you have a working directory
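Review bot: In the ldap.conf hunk the new comment explains how to combine the system certificates with "the ones specified by TLS_CACERTDIR", but the only `TLS_CACERTDIR` line is removed, so the file no longer shows that directive at all; keeping it as a commented example, `#TLS_CACERTDIR /etc/openldap/certs`, next to `#TLS_CACERT /etc/pki/tls/cert.pem` would make both options visible. The slapd.ldif hunk has the same gap, and its comment spells the path directive `oclTLSCACertificatePath`, presumably meant as `olcTLSCACertificatePath`. The comment should also say that dropping the directory likely widens client trust from the CAs placed in /etc/openldap/certs to every CA in the system store. A site that runs a private CA may prefer to point `TLS_CACERT` or `TLS_CACERTDIR` at that CA alone rather than rely on the default.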