diff --git a/app/unit/LDAPServerUnit.js b/app/unit/LDAPServerUnit.js
index 035f3a8..7d47638 100644
--- a/app/unit/LDAPServerUnit.js
+++ b/app/unit/LDAPServerUnit.js
@@ -2,6 +2,7 @@ const Unit = require('libflitter/Unit')
 const LDAP = require('ldapjs')
 const Validator = require('email-validator')
 const net = require('net')
+const fs = require('fs')
 
 // TODO support logging ALL ldap requests when in DEBUG, not just routed ones
 // TODO need to support LDAP server auto-discovery/detection features
@@ -77,7 +78,11 @@ class LDAPServerUnit extends Unit {
 
         // If Flitter is configured to use an SSL certificate,
         // use it to enable LDAPS in the server.
-        if ( this.express.use_ssl() ) {
+        if ( this.config.ssl?.enable ) {
+            this.output.info('Using configured SSL certificate. The LDAP server will require an ldaps:// connection.')
+            server_config.certificate = fs.readFileSync(this.config.ssl.certificate)
+            server_config.key = fs.readFileSync(this.config.ssl.key)
+        } else if ( this.express.use_ssl() ) {
             this.output.info('Using configured SSL certificate. The LDAP server will require an ldaps:// connection.')
             server_config.certificate = await this.express.ssl_certificate()
             server_config.key = await this.express.ssl_key()
diff --git a/config/ldap/server.config.js b/config/ldap/server.config.js
index 824a229..db93e14 100644
--- a/config/ldap/server.config.js
+++ b/config/ldap/server.config.js
@@ -5,6 +5,12 @@ const ldap_server = {
     max_connections: env('LDAP_MAX_CONNECTIONS'),
     interface: env('LDAP_LISTEN_INTERFACE', '0.0.0.0'),
 
+    ssl: {
+        enable: env('LDAP_SSL_ENABLE', false),
+        certificate: env('LDAP_CERT_PATH'),
+        key: env('LDAP_CERT_KEY_PATH'),
+    },
+
     schema: {
         base_dc: env('LDAP_BASE_DC', 'dc=example,dc=com'),
         authentication_base: env('LDAP_AUTH_BASE', 'ou=people'),
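Review bot: The new `this.config.ssl?.enable` branch passes `this.config.ssl.certificate` and `this.config.ssl.key` straight to `fs.readFileSync` without checking that they are set, so `LDAP_SSL_ENABLE` with a missing `LDAP_CERT_PATH` or `LDAP_CERT_KEY_PATH` fails at startup with a bare TypeError from `fs` instead of a message that names the configuration problem. A guard before the two reads would make the failure self-explanatory while still failing closed: `if ( !this.config.ssl.certificate || !this.config.ssl.key ) throw new Error('LDAP SSL is enabled but LDAP_CERT_PATH and/or LDAP_CERT_KEY_PATH is not set')`. Whether `this.config.ssl.enable` arrives as a real boolean depends on how `env()` coerces the `LDAP_SSL_ENABLE` string, which is not visible here; if the raw string is passed through, `LDAP_SSL_ENABLE=false` would be truthy and switch the server to LDAPS with unset paths, so that is worth confirming. The two branches also log the identical message, so an operator cannot tell from the log whether the LDAP-specific certificate or the Flitter HTTP certificate was loaded; changing the first to `'Using LDAP SSL certificate from LDAP_CERT_PATH. The LDAP server will require an ldaps:// connection.'` would remove the ambiguity. The enclosing method starts and ends outside the hunk.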
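Review bot: `enable: env('LDAP_SSL_ENABLE', false)` is consumed as a truthiness test (`this.config.ssl?.enable` in LDAPServerUnit.js), so if `env()` returns the raw environment string for a set variable, any non-empty value including `'false'` or `'0'` enables LDAPS; unless `env()` is known to coerce booleans, coercing at the config boundary is safer, e.g. `enable: ['true', '1', true].includes(env('LDAP_SSL_ENABLE', false)),`. `certificate` and `key` carry no defaults and nothing here states that both become mandatory once `enable` is set, so a comment above the `ssl` block would help the next operator: `// When LDAP_SSL_ENABLE is set, LDAP_CERT_PATH and LDAP_CERT_KEY_PATH must both point at readable PEM files; the server reads them once at startup.` The `ldap_server` object starts before the hunk and continues past it.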