SSL/TLS How-to for Active Directory LDAPS User source

Hello all,
I have managed to get LDAPS communication working fine by setting up the following:

  • Using a GPO (or whatever automated process) I am getting our root and intermediate domain controller certificates (in .cer format) from a central infrastructure share and copying them into the supplemental folder.
    This ensures that they are loaded by 8.x gateways and the domain itself is trusted.

I use Keystore Explorer to check the embedded Java CACERTS store and I see the domain certificates correctly imported.

I am also adding a System environment variable: "JAVA_TOOL_OPTIONS=-Djavax.net.ssl.trustStoreType=WINDOWS-ROOT", and with all the above done it works seamlessly. Not sure if all the above is required, but it works this way.

So the LDAPS part is good.
Now I'm looking at the SSL part. I have got it working for one gateway but am looking for a more global approach to manage multiple servers. If anything comes from that topic I'll post a link to it here for future hunters to follow the breadcrumbs.
Thanks all for your help.
If you're having issues getting LDAPS working, reply here and someone will help!

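The three steps above (pull the DC root/intermediate .cer files from a share, drop them in the supplemental folder, set JAVA_TOOL_OPTIONS) as one deployment script, added here as an example and not code from the original post. The share path, the supplemental folder path and the function name Test-CaCertificate are placeholders I chose; it also adds the checks I would want before trusting a folder of certificates: every file must be a CA certificate, not expired, and every intermediate must chain to a root in the same set.

```powershell
# Added example, not from the post. Both paths are placeholders (assumptions); adjust to your site.
$CertShare    = '\\infra-share\pki\domain-ca'               # central infrastructure share (placeholder)
$Supplemental = 'C:\gateway\data\certificates\supplemental'  # gateway supplemental cert folder (placeholder)

# Hypothetical helper: load a .cer and report the facts that matter for a trust folder.
function Test-CaCertificate {
    param([string]$Path)
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($Path)
    $bc = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
    [pscustomobject]@{
        File    = Split-Path $Path -Leaf
        Subject = $cert.Subject
        Issuer  = $cert.Issuer
        IsCA    = ($null -ne $bc -and $bc.CertificateAuthority)   # BasicConstraints cA=TRUE
        Expired = ($cert.NotAfter -lt (Get-Date))
    }
}

$certs = Get-ChildItem -Path $CertShare -Filter '*.cer' |
    ForEach-Object { Test-CaCertificate $_.FullName }

# Only CA certificates belong in a trust folder; refuse leaf or expired certs outright.
$bad = $certs | Where-Object { -not $_.IsCA -or $_.Expired }
if ($bad) {
    $bad | Format-Table File, Subject, IsCA, Expired
    throw 'Refusing to deploy: non-CA or expired certificate(s) found on the share.'
}

# Every intermediate (subject != issuer) must be issued by a root that is also being deployed,
# otherwise the gateway ends up with a chain it cannot complete.
$subjects = $certs.Subject
foreach ($c in $certs | Where-Object { $_.Subject -ne $_.Issuer }) {
    if ($subjects -notcontains $c.Issuer) {
        throw "Issuer of $($c.File) ($($c.Issuer)) is not among the deployed certificates."
    }
}

# Copy only files whose content changed, so repeated GPO runs leave the folder stable.
if (-not (Test-Path $Supplemental)) { New-Item -ItemType Directory -Path $Supplemental | Out-Null }
foreach ($c in $certs) {
    $src  = Join-Path $CertShare $c.File
    $dest = Join-Path $Supplemental $c.File
    if (-not (Test-Path $dest) -or (Get-FileHash $src).Hash -ne (Get-FileHash $dest).Hash) {
        Copy-Item -Path $src -Destination $dest -Force
        Write-Host "Deployed $($c.File) ($($c.Subject))"
    }
}

# The post's JVM setting, as a machine-level variable (needs an elevated session and a gateway restart).
[Environment]::SetEnvironmentVariable('JAVA_TOOL_OPTIONS',
    '-Djavax.net.ssl.trustStoreType=WINDOWS-ROOT', 'Machine')
```

Run it as the automated process the post mentions (GPO startup script or scheduled task) under an account that can read the share and write the gateway folder; the certificates are only picked up by the gateway on its next start.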