After obtaining the Active Directory server certificate, you must install the certificate into Active Directory. After processing the CSR with Entrust PKI as a Service or an on-premises CA, complete the certificate request to install the certificate into Active Directory. When the certificate is installed, LDAPS is automatically enabled in Active Directory.

To complete a certificate request and install the Active Directory server certificate

  1. Log in to Active Directory as a member of the Domain Admins group.
  2. Run mmc.exe (Select Start > Windows System > Run, then enter mmc.exe).
    The Microsoft Management Console appears. 
  3. Select File > Add/Remove Snap-in.
    The Add or Remove Snap-ins dialog box appears.
  4. In the Available snap-ins list, select Certificates.
  5. Click Add.
    The Certificates snap-in dialog box appears.
  6. Select Service account.
  7. Click Next.
    The Select Computer dialog box appears.
  8. Select Local computer.
  9. Click Next.
    The Certificates snap-in dialog box reappears.
  10. Select Active Directory Domain Services.
  11. Click Finish.
    The Certificates snap-in is added to the list of Selected snap-ins.
  12. Click OK.
    The Certificates snap-in appears in the Microsoft Management Console.
  13. In the tree view, select Certificates > NTDS\Personal.
  14. Select Action > All Tasks > Import.
    The Certificate Import Wizard dialog box appears.
  15. Click Next.
    The File to Import page appears.
  16. Click Browse and then select the Active Directory server certificate.
  17. Click Next.
    The Certificate Store page appears.
  18. The NTDS\Personal certificate store is already selected. Click Next.
    The Completing the Certificate Import Wizard page appears.
  19. Click Finish.
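
A check that can follow the import, as an added example that is not part of the original procedure: it opens a TLS connection to the standard LDAPS port (636) and reports the certificate the domain controller presents. The host name `dc01.example.com` is a placeholder, and the Server Authentication EKU test reflects Microsoft's documented requirement for LDAPS certificates rather than anything stated on this page.

```powershell
# Added example, not part of the original procedure.
# $Server is a placeholder: replace it with the domain controller's FQDN.
$Server = 'dc01.example.com'
$Port   = 636   # standard LDAPS port

# Record validation errors instead of aborting the handshake,
# so a certificate that fails validation can still be inspected.
$script:tlsErrors = $null
$callback = [System.Net.Security.RemoteCertificateValidationCallback] {
    param($sender, $certificate, $chain, $sslPolicyErrors)
    $script:tlsErrors = $sslPolicyErrors
    $true
}

$tcp = New-Object System.Net.Sockets.TcpClient
$ssl = $null
try {
    $tcp.Connect($Server, $Port)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
    $ssl.AuthenticateAsClient($Server)

    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

    # Enhanced Key Usage extension (OID 2.5.29.37) must list
    # Server Authentication (OID 1.3.6.1.5.5.7.3.1).
    $eku = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
    $serverAuth = [bool]($eku -and
        ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' }))

    [pscustomobject]@{
        Server           = "${Server}:$Port"
        Subject          = $cert.Subject
        Issuer           = $cert.Issuer
        Thumbprint       = $cert.Thumbprint
        NotAfter         = $cert.NotAfter
        Expired          = ($cert.NotAfter -lt (Get-Date))
        ServerAuthEku    = $serverAuth
        # 'None' means the chain and the host name validated on this machine.
        ValidationErrors = $script:tlsErrors
        Protocol         = $ssl.SslProtocol
    }
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}
```

Compare the reported thumbprint with the certificate imported in step 16 to confirm that Active Directory is serving the intended certificate.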