Forum Discussion
Client unable to bind to LDAPs through LTM virtual for LDAPS
Bug in F5 when configuring LDAPS (Secure LDAP). Please fix F5 to accept a hostname for Secure LDAP server pool connections.
Why it is an issue with F5: Microsoft by default creates a cert that uses the FQHN on domain controllers. By default, in order to connect via LDAPS to a Microsoft domain controller you must connect using the FQHN, NOT the IP. Big F5 only accepts IPs for LDAP, which makes secure LDAPS fail to Microsoft Domain Controllers.
Work around: add an additional certificate on the domain controller with the IP as a subject alternative name?
Active Directory domain controllers use an internal Active Directory certificate authority, so xyz.local, not xyz.com. The domain controller will be named DC01.xyz.local with a private or public IP of 1.2.3.4. Every server joined to Active Directory automatically gets an internal certificate. In my opinion, most admins are not going to do a public certificate for Active Directory; it doesn't make sense and adds an unneeded level of complexity. The certificate's Subject Alternative Name has DC01.xyz.local and no IP address specified. So to do LDAPS, the F5 needs to trust the Active Directory certificate authority AND accept a hostname of DC01.xyz.local instead of an IP address to connect to the domain controller in order to secure LDAP (LDAPS). Because it is connecting with the IP address and not the hostname, Microsoft decides the connection is insecure and refuses the connection. This is the way I understand it to work after trying to connect with DNS and IP using LDAP testing tools and diving into the errors. You would need to contact Microsoft to get further information. P.S. It has been 2 years; I gave up and found an alternate method to authenticate that worked. Hope this helps you, but I'm not willing to spend more time on it.
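The failure described in the thread comes down to how a TLS client matches the name it dialed against the server certificate's Subject Alternative Name (SAN). The following is an added example, not code from the thread or from F5, that reproduces that check in Python: an IP literal is only ever compared with iPAddress SAN entries and a hostname only with dNSName entries, so dialing 1.2.3.4 can never match a certificate whose SAN holds only DC01.xyz.local. The DC name and IP are taken from the post above; the SAN lists are constructed to model the "before" and the "add an IP SAN" work-around.

```python
"""Added example (not from the DevCentral thread): how a TLS client decides
whether a server certificate covers the name it connected to, and why an
LDAPS connection to a domain controller by IP fails when the certificate's
SAN lists only the DNS name. CA trust is a separate check, not modelled here."""
import ipaddress


def _dns_label_match(pattern, hostname):
    """Match one dNSName SAN entry against a hostname (RFC 6125 rules):
    case-insensitive, wildcard allowed only as the whole left-most label."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def san_matches(san_entries, target):
    """san_entries: (kind, value) pairs from the certificate's SAN extension,
    kind being 'DNS' (dNSName) or 'IP' (iPAddress). target: what the client
    dialed. IP literals and DNS names are never compared across kinds."""
    try:
        target_ip = ipaddress.ip_address(target)
    except ValueError:
        target_ip = None
    for kind, value in san_entries:
        if target_ip is not None and kind == "IP":
            if ipaddress.ip_address(value) == target_ip:
                return True
        elif target_ip is None and kind == "DNS":
            if _dns_label_match(value, target):
                return True
    return False


# Constructed SAN for the thread's example DC: DNS name only, no IP entry.
DC_CERT_SAN_DNS_ONLY = [("DNS", "DC01.xyz.local")]
# Constructed SAN after the proposed work-around: an iPAddress entry added.
DC_CERT_SAN_WITH_IP = [("DNS", "DC01.xyz.local"), ("IP", "1.2.3.4")]


def ldaps_name_check(san_entries, target):
    """Return (ok, reason) the way a client would report the name check."""
    if san_matches(san_entries, target):
        return True, "certificate SAN covers %r" % target
    return False, "certificate SAN %r does not cover %r" % (san_entries, target)


if __name__ == "__main__":
    for san in (DC_CERT_SAN_DNS_ONLY, DC_CERT_SAN_WITH_IP):
        for target in ("DC01.xyz.local", "1.2.3.4"):
            print(ldaps_name_check(san, target))
```

Running it shows the DNS-only certificate passing for DC01.xyz.local and failing for 1.2.3.4, while the certificate with the extra iPAddress entry passes for both, which is exactly the trade-off the work-around in the thread proposes.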