Jamf Pro LDAPS Configuration

This is a fantastic resource on how to create an LDAPS configuration with Jamf Pro.

Link:
How to create an LDAPS Configuration with Jamf Pro. – Rubyraccoon

https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/enable-ldap-over-ssl-3rd-certification-authority

Configuring Jamf Pro to Use LDAP Over SSL When Authenticating with Active Directory
The general process is as follows:

1) AD administrator generates a certificate request and sends it to the certificate authority (CA).

2) AD administrator installs the signed certificate and root certificate on the domain controller queried by Jamf Pro.

3) Jamf Pro administrator installs root certificate into Java keystore and restarts Tomcat (not applicable on Jamf Cloud shared instances).

4) Jamf Pro administrator configures Jamf Pro to use SSL.

https://docs.jamf.com/technical-articles/Configuring_Jamf_Pro_to_Use_LDAP_Over_SSL_When_Authenticating_with_Active_Directory.html?hl=ldap

You can also use OpenSSL to fetch the certificate yourself:
openssl s_client -connect server_name.domain.com:636 and then copy/paste the PEM-encoded certificate from the output into a file with a .pem extension.

To retrieve the SSL certificate from a domain controller using OpenSSL, you’ll first need to have OpenSSL installed on your system. The script below assumes you have OpenSSL installed and are running it on a Linux-based system.

#!/bin/bash

# Check that the domain controller and port arguments are provided
if [ "$#" -ne 2 ]; then
  echo "Usage: $0 <domain_controller> <port>"
  exit 1
fi

DOMAIN_CONTROLLER="$1"
PORT="$2"
CERT_FILE="dc_cert.pem"

# Get the SSL certificate from the domain controller.
# Note: "openssl x509" keeps only the first certificate in the s_client output,
# i.e. the domain controller's own (leaf) certificate, not the CA certificate above it.
echo "Getting SSL certificate from ${DOMAIN_CONTROLLER}:${PORT}..."
echo | openssl s_client -connect "${DOMAIN_CONTROLLER}:${PORT}" -showcerts 2>/dev/null | openssl x509 -outform PEM > "${CERT_FILE}"

# $? is the exit status of the last command in the pipeline (openssl x509),
# which fails when no certificate could be parsed from the connection output.
if [ $? -eq 0 ]; then
  echo "SSL certificate saved to ${CERT_FILE}"
  echo "You can now manually load the certificate into the Jamf Pro LDAP server settings console."
else
  echo "Failed to get SSL certificate. Please check the domain controller and port and try again."
fi
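The same retrieval as an added example (not from the original post or Jamf's documentation) that goes a step further than the script above: it keeps the whole chain the domain controller presents, splits it into one PEM file per certificate so the CA certificate needed for step 3 is not lost, and prints the keytool import line. The cacerts path and alias are assumptions; adjust them for your install.

```shell
#!/bin/sh
# Added example (not from the original post or Jamf): pull the whole chain the
# domain controller presents on 636 and split it into one PEM file per cert.
# "openssl x509" on the raw s_client output keeps only the first (leaf) cert;
# step 3 above needs the root/issuer cert, which sits later in the chain.

# split_chain DIR: read "openssl s_client -showcerts" output on stdin, write
# DIR/cert-1.pem, DIR/cert-2.pem, ... and print how many certs were found.
split_chain() {
  mkdir -p "$1"
  awk -v dir="$1" '
    /-----BEGIN CERTIFICATE-----/ { n++; f = dir "/cert-" n ".pem" }
    f                             { print > f }
    /-----END CERTIFICATE-----/   { close(f); f = "" }
    END                           { print n + 0 }'
}

# fetch_chain DC [PORT]: connect with SNI and dump everything the server sends.
fetch_chain() {
  echo | openssl s_client -connect "$1:${2:-636}" -servername "$1" -showcerts 2>/dev/null
}

# describe_chain DIR: show subject/issuer/expiry so you can pick the root
# (subject == issuer) or intermediate to import; the leaf is not what goes
# into the keystore.
describe_chain() {
  for f in "$1"/cert-*.pem; do
    echo "== $f"
    openssl x509 -in "$f" -noout -subject -issuer -enddate
  done
}

# import_cmd FILE: keytool line for an on-prem Jamf Pro Java keystore.
# The cacerts path and alias are assumptions; adjust for your install.
import_cmd() {
  echo "keytool -importcert -trustcacerts -alias ad-ldaps-root -file \"$1\" -keystore \"\$JAVA_HOME/lib/security/cacerts\""
}

if [ -n "$1" ]; then
  out="${3:-./dc-chain}"
  n=$(fetch_chain "$1" "$2" | split_chain "$out")
  echo "Saved $n certificate(s) to $out"
  describe_chain "$out"
  echo "Then, for the issuing CA certificate (the last one if the chain is complete), run:"
  import_cmd "$out/cert-$n.pem"
fi
```

Usage: sh script.sh dc01.domain.com 636 ./dc-chain; if the chain stops at an intermediate, import the root from your CA separately.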
