![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 52%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ1%3C/text%3E%3C/svg%3E)
20,213 questions
Hi
1) My current CA server is running Server 2012 (an upgrade is in its future). Do I need a CA server running Server 2016? Would Server 2019 work? 2022?
No, your current CA can issue the certificate that can be used on 2016 DCs
2) Will configuring LDAPS alter the ability to use non-SSL connections?
No, LDAPS connection are on port 636, while non-SSL connections will be on 389
3) If I use self-signed certificates will I hate life down the road?
Not really, the only issue is that you will need to trust the self-signed certificate on the systems connecting on the LDAPS connection
4) Follow-up to #3, is buying a commercial certificate worth the cost? I’m not cheap, I’m frugal.
I wouldn't waste your money, as you have an internal CA which will work
5) If I bungle the creation of the certificate can the domain controller lose connectivity to other devices on the network?
Nope, if you don't have a certificate on the DC already it's unlikely that anything is making LDAPS connections
6) Are there any other caveats or “gotchas” I need to watch out for?
You just need to install the certificate correct in the right certificate store and everything should be good.
If you do have problems or you want to check the current status of your LDAPS connections, check out this article.
https://nettools.net/howto-troubleshoot-ad-ldaps-connection-issues/
Gary.