From the vSphere Client, go to Administration >> Single Sign On >> Configuration >> Identity Provider.
Click the "Identity Sources" tab.
For each identity source of type "Active Directory over LDAP" where LDAPS is not configured, highlight the item and click "Edit".
Ensure the primary and secondary server URLs, if specified, are configured for "ldaps://".
At the bottom, click the "Browse" button, select the AD LDAP certificate previously exported to your local computer, click "Open", and then click "Save" to complete the modifications.
Note: With LDAPS, the server URL must name either a specific domain controller, with that domain controller's own certificate, or the domain alias, with a certificate that is valid for that URL.
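
The following is an added example, not part of the original procedure: a Python check that each configured server URL uses "ldaps://" and that its host name is covered by the certificate being uploaded. It assumes the certificate's names are supplied as a dict shaped like the output of Python's ssl.SSLSocket.getpeercert(); the host names and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

def _name_matches(pattern, host):
    """Match a certificate dNSName against a host name.
    A '*' is honoured only as the entire leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_dns_names(cert):
    """dNSName SAN entries from a getpeercert()-style dict (IP SANs are not handled)."""
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def check_identity_source(urls, cert):
    """Return (url, problem) for every configured server URL that fails the check."""
    findings = []
    names = cert_dns_names(cert)
    for url in urls:
        if not url:  # the secondary server URL is optional
            continue
        parts = urlsplit(url)
        if parts.scheme.lower() != "ldaps":
            findings.append((url, "not ldaps://"))
        elif not parts.hostname:
            findings.append((url, "no host in URL"))
        elif not any(_name_matches(n, parts.hostname) for n in names):
            findings.append((url, "certificate not valid for " + parts.hostname))
    return findings

# Constructed sample data: a certificate issued to one specific domain controller.
SAMPLE_CERT = {"subjectAltName": (("DNS", "dc01.corp.example.test"),)}

if __name__ == "__main__":
    sources = {
        "compliant": ["ldaps://dc01.corp.example.test:636", ""],
        "non-compliant": ["ldap://dc01.corp.example.test", "ldaps://corp.example.test"],
    }
    for label, urls in sources.items():
        print(label, check_identity_source(urls, SAMPLE_CERT) or "OK")
```

The second sample source fails twice: the primary URL is plain LDAP, and the secondary URL uses the domain alias while the certificate names only dc01.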