Add Certificate Manager role Enable probably something like Certificate Manager role on DC: With PowerShell: Create the certificate template Win+R, certsrv.msc: Win + R, mmc, File -> Add/Remove Snap-in… or probably better go to and create a new certificate template: Create a new certificate Win + R, certlm.msc: Export the certificate File name: C:\Users\Administrator\Downloads\ldaps.pfx Assign the certificate to the service Win + R, mmc: Querying from a client machine Installing the certifi...