After upgrading from R12.8SP1 to SP4, Policy Server fails to connect to LDAP userstore via SSL.
[SmDsLdapConnMgr.cpp:917][ERROR][sm-Ldap-01370] SmDsLdapConnMgr Bind. Server ldapserver.test.lab : 636. Error 81-Can't contact LDAP server
When reverting the Policy Server to old version the connection works again.
There was no change to the certificate on the LDAP servers.
cert8.db was generated using the older version of Policy Server and is no longer compatible with the NSS library bundled with R12.8SP4.
certutil -L -d .
certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.
Release : 12.8.04
Component : SITEMINDER -POLICY SERVER
Create a new cert8.db using the certutil that comes with R12.8SP4.
How to generate cert8.db and import CA certificates.
Launch smconsole and point to the new cert8.db and restart the policy server.