mwilmes at avc dot edu
10 years ago
I support a LAMP stack with PHP-FPM on CentOS 7 that needs to connect to Active Directory over SSL. We have a root certificate for the domain. I was able to set this up in five steps.

1. Get the domain's root SSL certificate in base64. (Must be an Enterprise Administrator - talk with your admin if you are not one.)
Run mmc.exe
File -> Add/Remove Snap-in
Select Certification Authority, then the server that generates certificates for your domain.
Expand the tree until you find the entry for the root certificate, then right click->Properties.
Click the "View Certificate" button, the "Details" tab, then the "Copy to File..." button.
Use the wizard to export the root certificate to your computer. Ensure you use the Base-64 format.

2. Copy the root cert to the Linux server. You can open the certificate in notepad and copy and paste the contents.

3. Convert the certificate to pem format. Substitute the names of files as needed.
openssl x509 -in <copied certificate file> -out /etc/openldap/certs/<cert>.pem

4. Add a line in ldap.conf to use new root cert.
vi /etc/openldap/ldap.conf
TLS_CACERT /etc/openldap/certs/<cert>.pem

5. Restart the PHP service.
systemctl restart php-fpm.service
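
A pre-flight check for steps 2 to 4 above, as an added example that is not part of the original note: it confirms the pasted file is an intact, self-signed, unexpired certificate and prints its SHA-1 thumbprint for comparison with the Thumbprint field on the Windows "Details" tab. The function names, the file path and the host dc01.example.com are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: sanity-check the exported root certificate before
# pointing TLS_CACERT at it. All names below are illustrative.

# check_root_cert FILE
# Returns 0 if FILE parses as a certificate, is self-signed and is unexpired.
# 2 = not a certificate, 3 = subject differs from issuer, 4 = expired.
check_root_cert() {
    cert=$1
    openssl x509 -in "$cert" -noout 2>/dev/null || return 2

    subject=$(openssl x509 -in "$cert" -noout -subject)
    issuer=$(openssl x509 -in "$cert" -noout -issuer)
    # Strip the "subject=" / "issuer=" labels, then compare the names.
    [ "${subject#*=}" = "${issuer#*=}" ] || return 3

    # -checkend 0 exits non-zero if the certificate has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null || return 4
    return 0
}

# cert_thumbprint FILE
# Prints the SHA-1 fingerprint as bare uppercase hex. Compare it with the
# Windows thumbprint, ignoring case and spaces, to catch copy/paste damage
# or a substituted file.
cert_thumbprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha1 |
        sed -e 's/^.*=//' -e 's/://g' | tr 'a-f' 'A-F'
}

# ldaps_verifies HOST CAFILE
# Returns 0 if s_client reports that the chain presented on port 636
# verified with CAFILE loaded as a trust anchor.
ldaps_verifies() {
    openssl s_client -connect "$1:636" -CAfile "$2" </dev/null 2>/dev/null |
        grep -q 'Verify return code: 0 (ok)'
}

# Usage (placeholder path and host):
#   check_root_cert /etc/openldap/certs/root.pem || echo "bad cert: rc=$?"
#   cert_thumbprint /etc/openldap/certs/root.pem
#   ldaps_verifies dc01.example.com /etc/openldap/certs/root.pem
```

Run the first two checks after step 3 and the third after step 4, before restarting php-fpm.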
