Forum Discussion
LDAPS and Certificate Creation
How to convert LDAP to LDAPS (Active Directory)
Prepare certificates
Issue or renew a server certificate for each Domain Controller from your internal CA.
The certificate must be in the Local Computer → Personal → Certificates store.
Ensure trust chain
All clients and servers must trust the issuing CA (root + intermediate certificates).
Restart Domain Controller
After installing the certificate, restart the DC or the Active Directory Domain Services so LDAPS starts listening on port 636.
Test LDAPS
Use the built-in LDP tool (ldp.exe):
Connection → Connect → [DC name] → Port 636 → SSL
If it connects and displays the RootDSE information, LDAPS is working.
Update clients
Modify your applications, appliances, and services to use LDAPS (port 636) instead of LDAP (389).
Verify that the FQDN in their configuration matches the certificate subject.
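
A client-side check for the "Ensure trust chain" and "Update clients" steps, added here as an example and not part of the original post: it validates the DC certificate chain against your CA file and reports whether the name a client is configured with appears in the certificate. The host name dc01.corp.example, the ca_file parameter and the sample certificate are assumptions constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

def names_in_cert(cert):
    """DNS names a client matches against: SAN dNSName entries, else subject CN."""
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v.lower() for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Exact match, or a wildcard that covers exactly the left-most label."""
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def check_cert(cert, configured_host, now=None):
    """Return a list of problems for a getpeercert()-style dict; empty means OK."""
    now = now or datetime.now(timezone.utc)
    host = configured_host.lower().rstrip(".")
    problems = []
    names = names_in_cert(cert)
    if not any(name_matches(n, host) for n in names):
        problems.append(f"{host!r} not in certificate names {names}")
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    if expires <= now:
        problems.append(f"certificate expired {expires:%Y-%m-%d}")
    return problems

def fetch_ldaps_cert(host, ca_file, port=636, timeout=5):
    """Connect to LDAPS, verify the chain against ca_file, return the peer cert dict."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.check_hostname = False  # chain is still verified; names are reported by check_cert
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample in the shape getpeercert() returns (not a real DC certificate).
SAMPLE_CERT = {
    "subject": ((("commonName", "dc01.corp.example"),),),
    "subjectAltName": (("DNS", "dc01.corp.example"),),
    "notAfter": "Jan  1 00:00:00 2030 GMT",
}

if __name__ == "__main__":
    for target in ("dc01.corp.example", "dc01", "corp.example"):
        print(target, check_cert(SAMPLE_CERT, target) or "OK")
```

Against a live DC, pass the result of fetch_ldaps_cert(host, ca_file) to check_cert with the exact host string from the client's configuration; a short name or IP address there is reported as a mismatch.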