Only LDAP data transfers are exposed. Other authentication or authorization data using Kerberos, SASL, and even NTLM have their own encryption systems. The Microsoft Management Console (MMC) snap-ins have used LDAP sign and seal or Simple Authentication and Security Layer (SASL) since Windows 2000 SP4, and replication between domain controllers is encrypted using Kerberos.

Warning: Before you install a certification authority (CA), you should be aware that you are creating or extending a public key infrastructure (PKI). Be sure to design a PKI that is appropriate for your organization. See PKI Design Brief Overview for additional information.

To request a certificate from your LDAPS server, do the following on each domain controller that requires LDAPS connections: