Cache for Windows (x86-64) 2015.1 (Build 429U) Fri Feb 13 2015 14:37:23 EST [HealthShare Modules:Core:12.07.3703 + Linkage Engine:13.04.3703] Use case: Search an LDAP database from Caché over TLS using Mutual Authentication. Extract from the [%SYS.LDAP](http://docs.intersystems.com/cache201513/csp/documatic/%25CSP.Documatic.cls?PAGE=CLASS&LIBRARY=%25SYS&CLASSNAME=%25SYS.LDAP) documentation:
Secure Connections:
For a Windows client, make sure you have the CA certificates already loaded in the Certificates(local computer)\Trusted Root Certification Authorities certificate store. NOTE: If the certificates are stored in the Certificates(current user)\Trusted Root Certification Authorities certificate store, then the SSL connection may fail with Error code 81 if the process is running in the background. For a Unix client, make sure the protections on the certificate file allow your process to be able to read it, and that any additional certificate or LDAP options are specified in the ldap.conf file.
To create a secure SSL connection to an LDAP server, here are the calls you need to make for each platform type."

1) Windows Client to Windows Active Directory LDAP server.
Using the StartTLSs call
s LD=##Class(%SYS.LDAP).Init("ldapserver.example.com",389)
s Status=##Class(%SYS.LDAP).StartTLSs(LD)

or

Using a direct connection to the LDAP SSL port.
s LD=##Class(%SYS.LDAP).Init("ldapserver.example.com",636)"
  Does %SYS.LDAP support TLS Mutual Authentication on Windows? Assuming TLS Mutual Authentication is supported on Windows: The documentation states that the CA certificates need to be loaded in the Certificates(local computer)\Trusted Root Certification Authorities certificate store.  What about the client certificates?  On Unix and VMS  %SYS.LDAP:SetOption() provides for setting the location of an x.509 client certificate and private key.   On Windows, how does %SYS.LDAP know where to find the x.509 client certificates? And how does it differentiate between multiple x.509 client certificates?