If you are using transport layer security (TLS), you must install the necessary PEM certificate files. In particular, all of the self-signed server certificate and CA certificate files that are used to validate the LDAP server and possibly client access to the server are required. For example, if you have the PEM CA certificate certdb.pem, you must ensure that this file is added and readable in the certificate path.
For information about how to create and manage PEM format certificates, see the section about configuring LDAP clients to use SSL in the “Managing SSL” chapter of the Administrator's Guide for the version of the Oracle Directory Server Enterprise Edition you are using. After configuration, these files must be stored in the location expected by the LDAP naming service client. The certificatePath attribute determines this location. By default, this location is in /var/ldap.
For example, after creating the necessary PEM certificate file, such as certdb.pem, copy that file to the default location as follows:
# cp certdb.pem /var/ldap
Next, give everyone read access.
# chmod 444 /var/ldap/certdb.pem