To set up the certificate correctly for use with LDAPS please follow Microsoft's guide which can be found here: Configuring LDAPS Certificate
On the SSB, please ensure that a Bind DN and a Bind user (with a password) is set within the LDAPS settings otherwise the connection will not succeed.
NOTE - The Bind user needs to be specified with a pre-Windows 2003 username (Administrator@DOMAIN.NAME) in order to work correctly.
Once configured SSB will query AD for credentials and groups specified. It is important that the groups within the SSB and the groups in AD match and are present in both locations otherwise permissions will not apply within the SSB correctly and users may be rejected login access.