What is the exact error you're getting? If you cannot connect, then it may not be a certificate problem. The recommended procedure is to use the client to accept the LDAP cert.
If you have a cluster, then you can manually add certificates to the keystore:
there are multiple LDAP servers with different host certificates, the
root CA certificate must be added to the trusted key store.
However, you should try the default steps first; all the information can be found here:
Hope this helps!
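
Added example, not part of the original reply: a small Python check that shows whether an LDAPS connection stops at the TCP stage (not a certificate problem) or at certificate verification (the CA is missing from the trust store). The function name, the default port 636 and the placeholder host are assumptions made for this illustration.

```python
import socket
import ssl
import sys


def diagnose_ldaps(host, port=636, cafile=None, timeout=5.0):
    """Return (stage, detail) saying where an LDAPS connection attempt stops.

    stage is one of "dns", "tcp", "tls-trust", "tls-other", "ok".
    """
    # Stage 1: plain TCP. A failure here is a name, routing or firewall
    # problem, so importing certificates will not change anything.
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror as exc:
        return "dns", str(exc)
    except OSError as exc:
        return "tcp", str(exc)

    # Stage 2: TLS handshake, verified against cafile (or the system
    # default trust store when cafile is None).
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
            return "ok", issuer.get("commonName", "")
    except ssl.SSLCertVerificationError as exc:
        # The server answered, but its chain does not lead to a trusted CA
        # (or the host name does not match the certificate).
        return "tls-trust", exc.verify_message
    except (ssl.SSLError, OSError) as exc:
        return "tls-other", str(exc)
    finally:
        sock.close()


if __name__ == "__main__":
    # Usage: script.py HOST [CA_FILE]; ldap.example.com is a placeholder.
    target = sys.argv[1] if len(sys.argv) > 1 else "ldap.example.com"
    ca = sys.argv[2] if len(sys.argv) > 2 else None
    print(diagnose_ldaps(target, cafile=ca))
```

A "tls-trust" result that turns into "ok" once the root CA file is passed as `cafile` confirms that the CA certificate is the missing piece.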