I have everything working over standard LDAP, and those calls are local to the same datacenter, so SSL is not a must-have, but nevertheless, I'd like to get it working if possible.

I've used LDAP over SSL in other applications before, and I've never had to provide a root certificate. Where do I get that? Also, our LDAP is clustered; will each server have its own cert? Won't that cause problems?

I've tried generating or exporting the cert in several ways, and none has worked. When I restart MA, I get "LDAP server is not available" in the nmaa.err log.