I know that I could set-up a slave server, but that would be not as transparent s0 I'd prefer my idea of havingslapd -h ldaps://192.168.10.1:636/ ldaps:/192.168.10.1:637/ each using a different certificate.
I did so: I put two ldap slave servers (server-server-new and server-old). On the server-old I put the old certificate on the server-new I put the new certificate.
The old applications I point to the server-old and the other applications I use the server-new.
Sincerely, jarbas