Configuring LDAPS on domain controllers running on Windows Server 2008 and Windows Server 2012
1. Start the LDP utility and try to connect to 127.0.0.1 on port 636 using SSL. The connection will fail.
2. Issue a certificate for the domain controller and save it along with its private key in a PKCS#12 file as described here and here. The certificate should meet the following requirements:
   - the issuer is trusted both by the domain controller and by the LDAPS clients
   - the extended key usage extension includes the server authentication OID (1.3.6.1.5.5.7.3.1)
   - the FQDN of the domain controller is included in the subject field or in the subject alternative name extension
3. Open the "Certificates - Service account - Local computer - Active Directory Domain Services" console and import the certificate and the private key from the PKCS#12 file into the "NTDS\Personal" certificate store.
   Comment: the change applies immediately, so there is no need to reboot the server or restart any services.
4. Start the LDP utility and try to connect to 127.0.0.1 on port 636 using SSL. The connection will be established successfully.
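The following PowerShell script is an added example, not part of the original page: it checks that the PKCS#12 file satisfies the three certificate requirements listed in step 2 (trusted issuer, Server Authentication EKU, FQDN in subject or SAN), and then repeats the step 4 check without LDP by opening a TLS session to port 636 and comparing the certificate the domain controller presents with the one in the file. The file path and the FQDN are placeholders to replace; running the chain check on a client as well as on the DC covers the "trusted by both sides" requirement.

```powershell
# Added example (not from the original page). Placeholders: $PfxPath and $DcFqdn.
param(
    [string]$PfxPath = 'C:\temp\dc01.pfx',      # placeholder: the PKCS#12 file from step 2
    [string]$DcFqdn  = 'dc01.corp.example',     # placeholder: FQDN of the domain controller
    [int]$Port       = 636
)

$ServerAuthOid = '1.3.6.1.5.5.7.3.1'
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
$flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($PfxPath, $pfxPassword, $flags)

$results = [ordered]@{}

# The NTDS\Personal import is only useful if the private key travels with the certificate
$results['Has private key'] = $cert.HasPrivateKey

# Requirement: extended key usage includes Server Authentication
$eku = $cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
$ekuOids = @()
if ($eku) { $ekuOids = $eku.EnhancedKeyUsages | ForEach-Object { $_.Value } }
$results['Server Authentication EKU'] = ($ekuOids -contains $ServerAuthOid)

# Requirement: FQDN in the subject CN or in a dNSName entry of the SAN extension (OID 2.5.29.17)
$sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
$sanText = if ($sanExt) { $sanExt.Format($false) } else { '' }
$dnsNames = [regex]::Matches($sanText, 'DNS Name=([^,\s]+)') | ForEach-Object { $_.Groups[1].Value }
$inSubject = $cert.Subject -match "(^|,\s*)CN=$([regex]::Escape($DcFqdn))(,|$)"
$results["FQDN $DcFqdn in subject or SAN"] = ($inSubject -or ($dnsNames -contains $DcFqdn))

# Requirement: the issuer chains to a root trusted on this machine (run on the DC and on a client)
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
$results['Chain builds to a trusted root'] = $chain.Build($cert)
if (-not $results['Chain builds to a trusted root']) {
    $chain.ChainStatus | ForEach-Object {
        Write-Warning ('Chain: {0} - {1}' -f $_.Status, $_.StatusInformation.Trim())
    }
}

$results.GetEnumerator() | ForEach-Object { '{0,-45} {1}' -f ($_.Key + ':'), $_.Value }

# Equivalent of the LDP step: open a TLS session to port 636 and report the certificate
# the DC presents. AuthenticateAsClient validates the chain and the host name; a failed
# handshake throws an exception whose message names the reason.
$tcp = $null; $ssl = $null
try {
    $tcp = New-Object System.Net.Sockets.TcpClient($DcFqdn, $Port)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
    $ssl.AuthenticateAsClient($DcFqdn)
    $remote = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    "LDAPS handshake OK: {0} presented '{1}' (thumbprint {2}, expires {3})" -f `
        $DcFqdn, $remote.Subject, $remote.Thumbprint, $remote.NotAfter
    'DC presents the certificate from the PFX: {0}' -f ($remote.Thumbprint -eq $cert.Thumbprint)
}
catch {
    Write-Warning ('LDAPS handshake to {0}:{1} failed: {2}' -f $DcFqdn, $Port, $_.Exception.Message)
}
finally {
    if ($ssl) { $ssl.Dispose() }
    if ($tcp) { $tcp.Dispose() }
}
```

Run it once before step 3 (the handshake should fail, as in step 1) and once after the import (it should succeed and report the thumbprint from the PFX). A handshake that succeeds but reports a different thumbprint means the DC picked another certificate from its stores, which is worth knowing before clients start relying on LDAPS.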