Setting up an External Active Directory such as an on-premise domain requires LDAP over SSL (LDAPS), which uses an SSL certificate to secure the connection. This certificate can either be self-signed using a Certification Authority installed on your domain, or issued by a third-party Certificate Authority. This article provides the links to the configuration instructions for each scenario.
Setting up LDAPS using a self-signed certificate
To set up a self-signed certificate, you will first need to install the Active Directory Certificate Services module on your domain to issue the certificate. The following Microsoft article provides the steps for installing the Certification Authority module:
Install the Certification Authority
Once the Certification Authority module has been installed, you will then need to generate a self-signed certificate and configure LDAPS. The following Microsoft article provides the instructions for configuring LDAPS with a self-signed certificate:
LDAP over SSL (LDAPS) Certificate
- Open the Certification Authority management console
- Right-click on Certificate Templates and choose Manage
- Right-click on LDAPs and choose Properties
- Select the Subject tab and select the radio button by "Supply in request"
- Click Apply
- Click OK
Setting up LDAPS using a third-party certificate
If you opt to purchase a certificate from a third-party Certificate Authority, the following Microsoft article will provide the instructions for enabling LDAPS with that certificate:
How to enable LDAP over SSL with a third-party certification authority
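Whichever certificate source is used, the result can be checked from a client once LDAPS is configured. The following PowerShell is an added example, not part of the original article or the linked Microsoft instructions: it connects to TCP 636, records any validation errors, and reports whether the presented certificate carries the Server Authentication EKU (1.3.6.1.5.5.7.3.1). The function name `Test-LdapsCertificate` and the host name `dc01.corp.example.com` are placeholders.

```powershell
# Added example: inspect the certificate a domain controller presents on LDAPS.
# Usage (placeholder FQDN): Test-LdapsCertificate -Server 'dc01.corp.example.com'
function Test-LdapsCertificate {
    param(
        [Parameter(Mandatory)] [string] $Server,   # FQDN of the domain controller
        [int] $Port = 636                          # default LDAPS port
    )

    $state = @{ Errors = [System.Net.Security.SslPolicyErrors]::None }

    # Record validation errors rather than hiding them. Returning $true only
    # lets the handshake finish so the certificate can be examined.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] ({
        param($source, $certificate, $chain, $errors)
        $state.Errors = $errors
        $true
    }.GetNewClosure())

    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($Server, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($Server)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

        $eku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }  # Subject Alternative Name

        [pscustomobject]@{
            Server         = $Server
            Subject        = $cert.Subject
            Issuer         = $cert.Issuer
            NotAfter       = $cert.NotAfter
            ServerAuthEku  = [bool]($eku -and ($eku.EnhancedKeyUsages.Value -contains '1.3.6.1.5.5.7.3.1'))
            SubjectAltName = if ($san) { $san.Format($false) } else { $null }
            PolicyErrors   = $state.Errors   # None = name and chain validated
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Dispose()
    }
}
```

A healthy result shows `PolicyErrors` as `None` and `ServerAuthEku` as `True`. `RemoteCertificateNameMismatch` or `RemoteCertificateChainErrors` means clients that validate the certificate will refuse the connection until the name or the issuing CA trust is corrected.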