Steps to enable SSL for VIP Userstore
If the LDAP server is configured with SSL and if you have selected the Enable SSL option, you must ensure the following:
Import the root and the intermediate certificates that are associated with the SSL certificate that the LDAP server uses, to VIP Enterprise Gateway Trusted CA Store. (See "Trusted CA Certificates" in your VIP Enterprise Gateway Installation and Configuration Guide for more details)
Adding the root and the intermediate certificates make LDAP Server connection from Configuration Console, Self Service Portal, VIP Manager, IdPs, and LDAP Sync successful.
As the Validation Server uses windows native LDAP client, you must add the root and the intermediate certificate to the Windows certificate store. To do this configuration, navigate to MMC (Enterprise Gateway Server) -> Add/Remove Snap-in -> Certificates and import the root and the intermediate certificates that are associated with LDAP.
Subject Name in the LDAP SSL certificate must have the Fully Qualified Domain Name (FQDN), including the host name of the LDAP server.
Restart all the Validation servers after these changes have been completed.
For Microsoft LDAP, enable SSL over LDAP using instruction from Microsoft : How to enable LDAP over SSL with a third-party certification authority (http://support2.microsoft.com/kb/321051)