Generating LDAPS TLS certificates on the ECS portal

Follow the steps described in Generating a PKCS #12 to generate a LDAPS TLS certificate for each domain. Specifically:

• Select the issuing CA described in Creating an Entrust-hosted Certificate Enrollment Gateway for WSTEP​

• Use the multiuse-p12-key-encipherment-client-server certificate profile described in Multiuse certificate profiles.

• The CN in the subject DN must match the FQDN of the Domain Controller (for example: dc.example.com).

• The validity period cannot exceed 397 days.

• The Subject Alternative Names must include a DNS matching the FQDN of the Domain Controller.