We have enabled LDAP signing on our DCs. Only the applications with a third-party SSL certificate installed are able to connect for LDAP queries; others are not.
We have also enabled the LDAP client signing requirement policy as "Require Signing" on these clients.
These clients run Java applications on both Windows and Linux machines.
In order to enable these clients to successfully query LDAP, we suggested that the application owners use LDAPS over port 636.
Do we need to install a self-signed certificate on these application servers to make this work, and do we also need to install, on these application servers, the certificate of the DC they are attempting to connect to?