Ensure that everyone can read the PEM certificate file.
# chmod 444 /var/ldap/certdb.pem
Note -
More than one certificate file might reside in the certificate path.
Additionally, any given PEM certificate file might contain multiple PEM
format certificates that are concatenated together. Refer to your server
documentation for further details. The certificate files must be stored
on a local file system if you are using them for an LDAP naming service
client.