Under General ->Settings->LDAP Tab, checking the "Use SSL" checkbox means that the hub will switch to using the LDAP SSL port and SSL communication when talking to the LDAP server.
There is no need to add a client certificate. The communication between the hub and the LDAP server will be encrypted, provided that the LDAP server has a valid certificate and is configured to talk SSL.
It creates an LDAP session handle that is SSL enabled.
Of course, you will have a certificate on the LDAP server to implement SSL in the first place, but as far as the hub is concerned, it simply makes an ldaps:// connection instead of an ldap:// connection.
It uses port 636 (secure ldap port) instead of port 389 (normal ldap) so make sure you can connect FROM the hub TO the LDAP server using that port.
So, the requests will be SSL-encrypted but we don't support client-side authentication (where you would put a certificate on the hub itself to 'match' the certificate on the ldap server).
To test the connection FROM the primary hub you can do a telnet query for port 389 (LDAP) or port 636 (LDAP SSL)
telnet <hostname_or_ipaddress> 389
You should see something like this:
telnet <ldapsrvip> 389
Connected to mainldapsrv.example.com.
Escape character is '^]'.
You could also use nmap,
nmap hostip 389
There is also a Microsoft tool called PortQry that will give you a lot of info about a port(s):
PortQry.exe -n hostip -p tcp -e 389
just replace 389 with 636 for LDAP SSL
In any case, if you don’t find any problems when testing the connection, you can enable the LDAP SSL and then test the connection while you have the hub.log open, after setting the loglevel to 5 and logsize to 40000, to observe what the hub complains about regarding the connection. Please then attach the log showing the connection failure or success. General LDAP Failure codes can be found here: https://www.ldap.com/ldap-result-code-reference
Please note that anonymous simple bind must be enabled if you’re not running hub v7.80 HF7 or higher.