1. Get the self-signed certificate generated by the secure LDAP server (in a PEM format).

2. Install the self-signed certificate on the ProxySG.

• Open the management console, select the configuration tab >SSL > CA certificates.
• Click Import.
• Provide a name for the new certificate (such as secure_ldap) and paste the certificate details into the text box.  Click OK, then Apply.
• Next, go to SSL > CA Certificates and click on the CA Certificate lists tab.
• Edit the 'Browser-trusted' CA certificate list.
• Add the 'secure_ldap' certificate to the list on the right. Click OK, then Apply.

3. Edit the ‘default’ device profile.

• Select Configuration > SSL > Device Profiles.
• Highlight ‘default’ and click Edit.
  

3. Change the Keyring value from None to Default. Click OK, then Apply.

4. At the LDAP authentication realm.

• Under the LDAP Servers tab, select the ‘Enable SSL’ check box and make sure that the ‘SSL device profile’ is set to ‘default’.