Configuring LDAPS for Active Directory

I’ve been researching for hours and just can’t seem to figure out how to get this working. I’m using Proxmox VE as the host hypervisor on my server. I have VMs running Windows Server 2019 and Ubuntu 21.10 Server. I have set up Active Directory on Windows and Keycloak on Ubuntu (no Docker). Federation between the two is basically working, but users aren’t able to create accounts because Keycloak isn’t able to change passwords on AD. After much, much digging, I concluded that AD doesn’t allow remote LDAP connections to change passwords, only LDAPS. I followed the guide here:

and exported the key. It took a while to find, but it seems I need to take the resulting .pfx (which can apparently be exported in different ways, so please tell me the correct export options in Certificate Manager if .pfx isn’t right) and somehow get it into the Java keystore. I’ve tried every Stack Overflow post and guide I can find, but I am not able to find how to properly convert this cert into the proper format (if that’s even needed) and import it into the keystore. An interesting thing to note is, after checking in JAVA_HOME, which seems to be in /usr/lib/jvm/java-11-openjdk-amd-64

So I guess my questions are:

  1. Did the guide I followed have the proper instructions for creating and setting up LDAPS on the Windows side?
  2. Is .pfx format okay and what are the proper exporting steps in Certificate Manager on Windows?
  3. How do I get my Java keystore in proper order on Ubuntu? (converting the cert, creating/validating the keystore, etc.)

I would greatly appreciate any advice anyone has. I know a lot of this is out of the scope of Keycloak specifically, but I just don’t know where to go to get information about this at this point. Also, I’ve attached an image with my federation configuration as well as the errors I’m receiving. I had to combine it all into one as I’m not allowed to post more than one image, so apologies for that in advance.
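The following is an added example, not part of the original post and not Keycloak's or OpenJDK's own tooling, showing the shape of an answer to question 3: pull the certificate(s) out of a .pfx with openssl, split the chain into one file per certificate, and import each into a Java truststore with keytool. It assumes a file named ldaps.pfx exported from Windows Certificate Manager with the certificate chain included, that openssl and the keytool from the JDK in JAVA_HOME are on PATH, and hypothetical paths and aliases (truststore.jks, ad-ldaps); the PFX password is passed as an argument. Keycloak only needs to trust the domain controller's certificate (or the CA that issued it), so the private key is deliberately not extracted.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Converts an exported .pfx into
# trusted-certificate entries in a Java truststore for an LDAPS connection.
# Assumed, hypothetical inputs: ldaps.pfx, its export password, truststore.jks.
set -euo pipefail

# Extract only the certificates (no private key) from the PFX as PEM.
# openssl 3.x may need "-legacy" here for a PFX that Windows encrypted with RC2/3DES.
pfx_to_pem() {
  local pfx="$1" pem="$2" password="${3:-}"
  openssl pkcs12 -in "$pfx" -nokeys -passin "pass:${password}" -out "$pem"
}

# Number of certificates in a PEM file (leaf plus any chain certificates).
count_certs() {
  grep -c 'BEGIN CERTIFICATE' "$1"
}

# Split a PEM bundle into cert-1.pem, cert-2.pem, ... dropping the
# "Bag Attributes" text that openssl writes between blocks.
split_pem() {
  local pem="$1" outdir="$2"
  mkdir -p "$outdir"
  awk -v dir="$outdir" '
    /BEGIN CERTIFICATE/ { n++; p = 1; f = dir "/cert-" n ".pem" }
    p { print > f }
    /END CERTIFICATE/ { p = 0; close(f) }
  ' "$pem"
}

# Import every split certificate as a trusted entry; keytool creates the
# truststore file if it does not exist yet. Aliases are <prefix>-1, <prefix>-2, ...
import_to_truststore() {
  local dir="$1" store="$2" storepass="$3" prefix="$4"
  local f i=0
  for f in "$dir"/cert-*.pem; do
    i=$((i + 1))
    keytool -importcert -noprompt -trustcacerts -alias "${prefix}-${i}" \
      -file "$f" -keystore "$store" -storepass "$storepass"
  done
}

# Check that an alias is present in the truststore (exit 0 if found).
truststore_has_alias() {
  keytool -list -keystore "$1" -storepass "$2" -alias "$3" >/dev/null 2>&1
}

# Usage, with the hypothetical file names from the lead-in:
#   pfx_to_pem ldaps.pfx chain.pem 'ExportPassword'
#   split_pem chain.pem ./certs
#   import_to_truststore ./certs truststore.jks changeit ad-ldaps
#   truststore_has_alias truststore.jks changeit ad-ldaps-1 && echo imported
```

Two practical notes. If the certificate is exported from Windows without the private key as "Base-64 encoded X.509 (.CER)", the openssl step is unnecessary: keytool -importcert reads that file directly, and the private key never leaves the domain controller. Once the truststore exists, Keycloak has to be told to use it through its truststore SPI configuration, the federation connection URL has to be ldaps://<dc-hostname>:636, and that hostname must match a name in the certificate's Subject Alternative Name; a mismatch there produces a TLS handshake failure that looks much like a missing truststore entry, so check the certificate's SAN (openssl x509 -in cert-1.pem -noout -text) before assuming the import failed.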