Then check if your certificate meets the requirements:
Setup LDAPS (LDAP over SSL)
The Certificate to be used for LDAPS must satisfy the following 3 requirements:
• Certificate must be valid for the purpose of Server Authentication. This means that it must also contain the Server Authentication object identifier (OID): 1.3.6.1.5.5.7.3.1
• The Subject name or the first name in the Subject Alternative Name (SAN) must match the Fully Qualified Domain Name (FQDN) of the host machine. For more information, see How to add a Subject Alternative Name to a secure LDAP certificate.
• The host machine account must have access to the private key
I have generated a public certificate with CN=FQDN of the domain server; there is also a key extension in the certificate with server auth (OID: 1.3.6.1.5.5.7.3.1). The certificate CSR was done on the domain controller, then the newly issued certificate was imported into the computer account certificates.
Then I have also imported the CA_root certificate to the Fortigate.
As I said, from my PC, when I use an application like ldapadmin, I can connect to the FQDN of my domain controller on port 636; I then confirm on the domain controller with the command netstat -an | find ":636" that the connection is established. If I choose the IP address in ldapadmin instead of the FQDN of the domain controller, then I cannot connect on port 636, so I think this proves that LDAPS is working correctly.
But on the Fortigate side, when connecting using a secure connection on port 636, I cannot connect.
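As an added example (not code from this thread, from Fortinet or from Microsoft), the following POSIX shell script checks a PEM certificate against the first two LDAPS requirements quoted above, the Server Authentication EKU and the CN-or-first-SAN match against the host FQDN, using only the openssl command line. The host names dc01.example.local and dc99.example.local, the file names and the generated self-signed certificates are constructed for the demo. The third requirement, the machine account's read access to the private key, is a Windows ACL on the key store and is not something this script can inspect.

```shell
#!/bin/sh
# Added example: check a PEM certificate against two of the LDAPS requirements
# (Server Authentication EKU; subject CN or first SAN equals the host FQDN).
# Requires openssl 1.1.1 or newer (for the -ext and -addext options).
set -u

# Requirement 1: the Extended Key Usage must include Server Authentication,
# OID 1.3.6.1.5.5.7.3.1, which openssl prints as "TLS Web Server Authentication".
has_server_auth_eku() {
    openssl x509 -in "$1" -noout -ext extendedKeyUsage 2>/dev/null \
        | grep -q 'TLS Web Server Authentication'
}

# Subject CN, printed in RFC 2253 form so the output is stable across versions.
subject_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null \
        | sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# First DNS entry of the Subject Alternative Name (empty if there is no SAN).
first_san_dns() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null \
        | sed -n 's/^ *DNS:\([^,]*\).*/\1/p' | head -n 1
}

# Requirement 2: the CN or the first SAN entry must equal the FQDN exactly.
# A wildcard or a bare IP address does not satisfy this rule.
name_matches_fqdn() {
    cert=$1; fqdn=$2
    [ "$(subject_cn "$cert")" = "$fqdn" ] || [ "$(first_san_dns "$cert")" = "$fqdn" ]
}

# Returns 0 when the certificate passes both checks, 1 otherwise, and prints why.
check_ldaps_cert() {
    cert=$1; fqdn=$2; ok=0
    if has_server_auth_eku "$cert"; then
        echo "PASS: EKU contains Server Authentication (1.3.6.1.5.5.7.3.1)"
    else
        echo "FAIL: EKU does not contain Server Authentication"; ok=1
    fi
    if name_matches_fqdn "$cert" "$fqdn"; then
        echo "PASS: CN or first SAN matches $fqdn"
    else
        echo "FAIL: CN '$(subject_cn "$cert")' / first SAN '$(first_san_dns "$cert")' do not match $fqdn"; ok=1
    fi
    return $ok
}

# Constructed test data: a self-signed certificate for a hypothetical domain
# controller (no real host). $3 is the EKU to add, or "" for no EKU at all.
make_demo_cert() {
    out=$1; fqdn=$2; eku=$3
    if [ -n "$eku" ]; then
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -keyout "$out.key" -out "$out" \
            -subj "/CN=$fqdn" -addext "subjectAltName=DNS:$fqdn" \
            -addext "extendedKeyUsage=$eku" >/dev/null 2>&1
    else
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -keyout "$out.key" -out "$out" \
            -subj "/CN=$fqdn" -addext "subjectAltName=DNS:$fqdn" >/dev/null 2>&1
    fi
}

# Demo: one certificate that meets both requirements, one without the EKU,
# and one issued to a different FQDN than the one being checked.
demo() {
    dir=$(mktemp -d)
    make_demo_cert "$dir/good.pem"      dc01.example.local serverAuth
    make_demo_cert "$dir/noeku.pem"     dc01.example.local ""
    make_demo_cert "$dir/wrongname.pem" dc99.example.local serverAuth
    echo "== good.pem";      check_ldaps_cert "$dir/good.pem"      dc01.example.local || echo "-> rejected"
    echo "== noeku.pem";     check_ldaps_cert "$dir/noeku.pem"     dc01.example.local || echo "-> rejected"
    echo "== wrongname.pem"; check_ldaps_cert "$dir/wrongname.pem" dc01.example.local || echo "-> rejected"
    rm -rf "$dir"
}

demo
```

To run the same checks against the certificate the domain controller actually presents, save what the server sends (for example from openssl s_client -connect dc01.example.local:636 -showcerts) to a PEM file and pass that file together with the DC's FQDN. The name check is deliberately exact: a certificate whose CN and SAN carry only the FQDN fails name validation when the client connects to the IP address instead, which matches the ldapadmin behaviour described in the post, so the FQDN used in the LDAP server configuration must be the one the certificate carries and must be resolvable by the client.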