If your Active Directory instance uses self-signed certificates, exporting its certificate from Active Directory and importing it into Dash Enterprise allows certificate verification to remain enabled, which is more secure than using the “Disable LDAP Auth Certificate Checking” option in Dash Enterprise.
A different export process must be used for Azure Active Directory or Windows Server-based Active Directory.
1 - On your Active Directory domain controller, export the certificate for your domain controller as a Base-64 encoded X.509 (.CER) file and save it to your workstation
See the Microsoft documentation for details
2 - Browse to your Server Manager Settings
3 - Select the Use LDAP for authentication radio button and check Install a Self-Signed SSL Certificate for LDAP
4 - Click Choose File and select the certificate file you just exported, and click OK
5 - Click Save at the bottom of the page and Restart now to apply this change
These instructions were tested on Windows Server 2012 and 2019, and should be applicable to other versions as well.
1 - Click Start and run the Certification Authority tool.
2 - Choose your CA from the list on the left, then click Issued Certificates
3 - Find the certificate from your Domain Controller in the list on the right and double-click it
4 - Click the Details tab, then Copy to File to open the Certificate Export Wizard
5 - Click Next, then select Base-64 encoded X.509 (.CER) for the Export File Format
6 - Click Next
7 - Give the certificate a filename and click Next
8 - Click Finish
9 - Browse to your Server Manager Settings
10 - Select the Use LDAP for authentication radio button and check Install a Self-Signed SSL Certificate for LDAP
11 - Click Choose File and select the certificate file you just exported, and click OK
12 - Click Save at the bottom of the page and Restart now to apply this change