# Unable to add domain with LDAP SSL certificate

## Problem

You see the error "SSL certificate not found in AD" or "The specified port number is not reachable" under **Admin tab -> SoM -> Add Computers -> Add domain page** while trying to include security certificates.

## Cause

This error occurs in the following cases:

1. When the port number specified is not reachable.
2. When the security certificates are not uploaded in Active Directory (AD).

## Resolution

You can resolve this issue as follows:

**Check and ensure that the configured port is not blocked or used by some other operation (the default is port 636).**

- From the machine where the Endpoint Central Server is installed, open Command Prompt and run the following command to check whether the specified Domain Controller is live and reachable:

  `telnet (domain controller name/IP/FQDN) (port number)`

  **Example:** `telnet 127.0.0.1 636`

  If you are able to establish the connection, then the port is not blocked and your domain controller is live.

**Check and ensure that you have pushed the necessary security certificates to your Active Directory.**

- Refer to [this page](https://support.microsoft.com/en-in/help/321051/how-to-enable-ldap-over-ssl-with-a-third-party-certification-authority) for the steps to push security certificates to Active Directory.

**Check and ensure the trust relationship between the Server and Certification Authority.**

- Refer to [this page](https://msdn.microsoft.com/en-us/library/cc750534.aspx) for the steps to enable the trust relationship between the machine on which your Endpoint Central Server is running and the Certification Authority.
- If the domain you want to add and the machine on which your Endpoint Central Server is running belong to different forests, ensure you have created a two-way forest trust.
- If you have segregated your network into various forests, ensure you have created a two-way forest trust.
- Refer to [this page](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc778851(v=ws.10)) for the steps to create a two-way forest trust on both sides.

## Unable to resolve this issue?

If you still have trouble resolving the issue, contact support at [endpointcentral-support@manageengine.com](mailto:desktopcentral-support@manageengine.com).
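
The two causes listed under **Cause** can be told apart with one PowerShell check run from the Endpoint Central Server machine. This is an added example, not ManageEngine or Microsoft code; the function name `Test-LdapsEndpoint` and the host `dc01.example.com` are placeholders chosen for illustration.

```powershell
# Added diagnostic example: separates "port not reachable" from "certificate missing or untrusted".
function Test-LdapsEndpoint {
    param(
        [Parameter(Mandatory)][string]$DomainController,  # DC name, IP or FQDN
        [int]$Port = 636,
        [int]$TimeoutMs = 5000
    )
    $r = [ordered]@{
        Target = "${DomainController}:$Port"; PortReachable = $false
        CertificatePresented = $false; Subject = $null; NotAfter = $null
        TrustedByThisMachine = $false; Detail = $null
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Cause 1: plain TCP connect, the same check as the telnet command.
        if (-not $client.ConnectAsync($DomainController, $Port).Wait($TimeoutMs)) {
            $r.Detail = 'TCP connect timed out'
            return [pscustomobject]$r
        }
        $r.PortReachable = $true

        # Cause 2: TLS handshake. The callback accepts any certificate so the
        # handshake completes and the certificate can be inspected; no
        # credentials or directory data are sent on this connection.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAny)
        $ssl.AuthenticateAsClient($DomainController)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $r.CertificatePresented = $true
        $r.Subject = $cert.Subject
        $r.NotAfter = $cert.NotAfter

        # Trust: build the chain against this machine's certificate stores.
        # Checks chain trust only; revocation and host name match are not tested.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $r.TrustedByThisMachine = $chain.Build($cert)
        $r.Detail = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
    catch {
        # Refused connection or failed handshake (for example, no certificate on the DC).
        $r.Detail = $_.Exception.GetBaseException().Message
    }
    finally {
        $client.Close()
    }
    [pscustomobject]$r
}

Test-LdapsEndpoint -DomainController 'dc01.example.com'   # placeholder host name
```

`PortReachable = False` points to the port check; a reachable port with `CertificatePresented = False` or `TrustedByThisMachine = False` points to the certificate and trust-relationship steps.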