If you want to store a mix of encrypted and unencrypted files under the same area, choose plaintext passthrough, otherwise choose the default, no. I suggest an all or nothing approach, as it can get confusing as to which files are encrypted especially when they’re binary! (With ascii text files you can just cat a file and tell if it’s encrypted or not.)

If you submit an SSL certificate request for your Apache/Lighttpd web server to a Certificate Authority (CA) on a Windows Domain Controller, you might have to convert your resulting binary DER formatted Security Certificate into PEM so Apache or Lighttpd can understand it.

This doesn’t have to be complicated at all.  This was what I did on my ldap servers:
[user@ldap-primary /etc/openldap/cacerts ]$ sudo openssl req -newkey rsa:1024 -x509 -nodes -out ldap-primary.pem -keyout ldap-primary.pem -days 3650
[user@ldap-slave1 /etc/openldap/cacerts ]$ sudo openssl req -newkey rsa:1024 -x509 -nodes -out ldap-slave1.pem -keyout ldap-slave1.pem -days 3650
That’s it!  No messing …