Sometimes this is necessary since the server “appears” to be running (netstat -an|grep 636 returns port in LISTEN state, but the daemon behind is not operative because (for instance) the certificate has not been installed.
If this is the case, grab an openssl client and issue the following command:
openssl s_client host <address of the target host> –port 636 (this is LDAPS standard port)
If server does have valid certificate you should get answer like:
If it does not, you’ll get something like this: