Setting up an External Active Directory such as an on-premise domain requires LDAP over SSL (LDAPS), which uses an SSL Certificate to secure the connection.  This certificate can either be self-signed using a Certification Authorization installed on your domain, or through the use of third-party Certificate Authority.  This article provides the links to the configuration instructions for each scenario.

Setting up LDAPS using a self-signed certificate


To set up a self-signed certificate, you will first need to install the Active Directory Certificate Services module on your domain to issue the certificate.  The following Microsoft article provide the steps for installing the Certification Authority module:


Install the Certification Authority


Once the Certification Authority module has been installed, you will then need to generate a self-signed certificate and configure LDAPs. The following Microsoft article provides the instructions for configuring LDAPS with a self-signed certificate:


LDAP over SSL (LDAPS) Certificate


If you are using an LDAPs namespace that is not a part of your main directory namespace you must modify the LDAPs template to allow the configuration of the certificate subject information. 
  1. Open the certificate authority management console
  2. Right click on Certificate Templates and choose manage
  3. Right click on LDAPs and choose properties
  4. Select the Subject tab and select the radio button by "Supply in request"
  5. Click Apply
  6. Click OK 
Once you have done this you can supply the subject when requesting the certificate.

Setting up LDAPS using a third-party certificate

If you opt to purchase a certificate from a third-party Certificate Authority, the following Microsoft article will provide the instructions for enabling LDAPS with that certificate:


How to enable LDAP over SSL with a third-party certification authority