Advanced SSL/TLS options require the presence of one or more security certificates on the directory server. You can consult the directory manufacturer documentation for certificate installation procedures and requirements.
A certificate offered by the directory server must include the fully qualified DNS name of the directory server as a value for the CN attribute of its subject. This requirement is enforced by OpenSSL and OpenLDAP. If the directory server certificate does not conform to this requirement it is not be usable by TDGSS.