SSL is used for securing communication in two different ways:
For securing communication between the Remote Loader and the engine: This is activated by specifying the string kmo="<name of SSL Cert>" in the Remote Loader connection parameters of the driver configuration. For more information, see Creating a Secure Connection.
For securing communication between the driver shim and the domain controller: If you select the option, this setting is done in the driver configuration for securing communication between the Remote Loader and the domain controller when the driver shim is installed on a member server instead of a domain controller.
The SSL parameter in the driver configuration is for SSL connection between the Active Directory driver and Active Directory. It is not for SSL connection between the Metadirectory engine and the Remote Loader. See Encryption Using SSL.