I suspect I have a problem with my certs after applying NW65SP8 as I get an error 503 trying to access iManager, and have LDAP connectivity issues

I;'ve tried the options in TID 7000759 but no resolution - running tckeygen.ncf gives

Exporting the Host certificate from:localhost
Error importing certificate to keystore: sys:\adminsrv\conf\.keystore
com.novell.ecb.CommandException: Connection refused
at com.novell.ecb.security.RetrieveHostCertificates.r etrieveHostCertific
ates(Unknown Source)
at com.novell.ecb.security.RetrieveHostCertificates.e xecute(Unknown Sour
ce)
at com.novell.application.tomcat.util.EDirectoryInteg rator.retrieveAllHo
stCertificates(EDirectoryIntegrator.java:942)
at com.novell.application.tomcat.util.EDirectoryInteg rator.performKeysto
reWork(EDirectoryIntegrator.java:888)
at com.novell.application.tomcat.util.EDirectoryInteg rator.integrate(EDi
rectoryIntegrator.java:526)
at com.novell.application.tomcat.util.EDirectoryInteg rator.main(EDirecto
ryIntegrator.java:122)

Any suggestions?