diff --git a/en_US/integrations/active.directory.md b/en_US/integrations/active.directory.md
index e442e693..0f91f833 100644
--- a/en_US/integrations/active.directory.md
+++ b/en_US/integrations/active.directory.md
@@ -9,7 +9,7 @@ __NOTES__:
   accounts with Active Directory management tools.
 
 * This tutorial has been verified on Windows Server 2000, 2003, 2008, 2012,
-  2016, if you tested it on other versions and works well, please let us
+  2016, 2019, if you tested it on other versions and works well, please let us
   know. [Contact us](https://www.iredmail.org/contact.html)
 
 ## Summary
@@ -102,6 +102,22 @@ If you're using LDAPS, replace `-h ad.example.com` by
 Enter password: password_of_vmail
 ```
 
+If LDAPS doesn't work, you may need to update parameter `TLS_CACERT` in
+`/etc/openldap/ldap.conf` (RHEL/CentOS) or `/etc/ldap/ldap.conf` to use correct CA
+certificate. For example:
+
+- on CentOS: use `/etc/pki/tls/certs/ca-bundle.trust.crt`:
+
+```
+TLS_CACERT /etc/pki/tls/certs/ca-bundle.trust.crt
+```
+
+- on Debian/Ubuntu, use `/etc/ssl/certs/ca-certificates.crt`:
+
+```
+TLS_CACERT /etc/ssl/certs/ca-certificates.crt
+```
+
 ### Enable LDAP query with AD in Postfix
 
 Disable unused iRedMail special settings:
diff --git a/html/active.directory.html b/html/active.directory.html
index 32f34c94..eecae06f 100644
--- a/html/active.directory.html
+++ b/html/active.directory.html
@@ -46,7 +46,7 @@
 </li>
 <li>
 <p>This tutorial has been verified on Windows Server 2000, 2003, 2008, 2012,
-  2016, if you tested it on other versions and works well, please let us
+  2016, 2019, if you tested it on other versions and works well, please let us
   know. <a href="https://www.iredmail.org/contact.html">Contact us</a></p>
 </li>
 </ul>
@@ -136,6 +136,21 @@ Enter password: password_of_vmail
 Enter password: password_of_vmail
 </code></pre>
 
+<p>If LDAPS doesn't work, you may need to update parameter <code>TLS_CACERT</code> in
+<code>/etc/openldap/ldap.conf</code> (RHEL/CentOS) or <code>/etc/ldap/ldap.conf</code> to use correct CA
+certificate. For example:</p>
+<ul>
+<li>on CentOS: use <code>/etc/pki/tls/certs/ca-bundle.trust.crt</code>:</li>
+</ul>
+<pre><code>TLS_CACERT /etc/pki/tls/certs/ca-bundle.trust.crt
+</code></pre>
+
+<ul>
+<li>on Debian/Ubuntu, use <code>/etc/ssl/certs/ca-certificates.crt</code>:</li>
+</ul>
+<pre><code>TLS_CACERT /etc/ssl/certs/ca-certificates.crt
+</code></pre>
+
 <h3 id="enable-ldap-query-with-ad-in-postfix">Enable LDAP query with AD in Postfix</h3>
 <p>Disable unused iRedMail special settings:</p>
 <pre><code class="shell">postconf -e virtual_alias_maps=''
