Comment 4 for bug 37135

An alternative solution would be to tell ldap to ignore bad certificates. This is the designed behavior, not a bug, and the suggested solution is the correct one.