I saw similar problems to what you are having but it was for openssl and can be fixed by running an openssl command plus some options. In your case it seems the NSS database isn't in the format ldap client expects.On Oct 27, 2011, at 2:27 PM, Daniel Qian wrote:why don't you simply try TLS_CACERT /etc/pki/nssdb/<filename> instead of TLS_CACERTDIR /etc/pki/nssdbBecause the cert isn't in a text file; it's in the NSS database.