Configuring Active Directory LDAP SSL using a 3rd party certificate.

By default all communications with LDAP servers (including Active Directory) are non-encrypted. This means any data (including credentials) will be sent in the clear. In order to protect your data and credentials you must configure your domain controller to allow SSL communications. In order to do this you must install an encryption certificate on the domain controller you wish to communicate with.

Please see this Microsoft Support (https://support.microsoft.com/en-us/help/321051/how-to-enable-ldap-over-ssl-with-a-third-party-certification-authority) article for more information.