Establishing trust of the LDAPS TLS chain

Before generating the LDAPS TLS certificates, configure the Active Directory Forest to trust the certificate chain. Otherwise, there is a risk of breaking the LDAP communications between the various domain controllers. As explained below, the recommended method to configure the LDAPS certificate chain trust is to create a GPO (Group Policy Object) linked to all domains in the Active Directory Forest.

• Creating a Group Policy Object for the LDAPS TLS certificate chain

• Importing the LDAPS TLS certificate chain into the Group Policy Object

• Linking the TLS LDAPS Group Policy Object to all domains