In terms of localhost I included 127.0.0.1 as an alternative name for the server cert. This was mostly for testing purposes and for the reason my ldap server runs as a docker container on a linux container. I was trying to reach the openldap container from the docker host.