I'm trying to get LDAPSearch with TLS via ECMAScript working.

Enabling +LDAP in ndstrace shows the issue is that the certificate is
the problem:

2937427712 LDAP: [2016/04/06 9:54:28.651]
(XX.XX.XX.XX:38647)(0x0000:0x00) DoTLSHandshake on connection 0x82a9bc00
error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
certificate unknown - SSL alert number 46

However the correct certificate is imported to the correct keystore
with alias tree_ca

I verified this with:

keytool -keystore
-storepass changeit -list -rfc -alias tree_ca

Path above is the same as used in

As this is a production box, haven't yet restarted eDirectory - is this
a pre-req?

Plain-text (non SSL) LDAPSearch works just fine against same box.