You are able to connect to a Symantec Directory DSA with ldap://, but unable to connect via ldaps://.
e.g.
ldapsearch -x -H ldap://<Hostname/IP>:10389 -LLL -b "dc=company,dc=com" -s sub "uid=id001" (WORKS)
ldapsearch -x -H ldaps://<Hostname/IP>:10389 -LLL -b "dc=company,dc=com" -s sub "uid=id001" (DOES NOT WORK)
You have confirmed that the certificates themselves are valid.
When setting the trace log level to 'all', you may see:
! [0] Accepting call from TCP 11.111.11.1111:1111
! [1] GetRemoteHostName: No host name
! [1] Call closed 18
Release : 14.0
Component : CA Directory
The problem can be caused by not setting the LDAPTLS_CACERT environment variable, which the 'ldapsearch' command line tool requires in order to locate the CA certificate used to verify the DSA's server certificate during the TLS handshake.
For the Directory tools (i.e. the DXtools such as dxsearch, dxmodify, etc.) we document the same requirement, but there the variable is called LDAPCONF, as referenced here:
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/directory/14-1/ca-directory-concepts/directory-ssl-encryption/configuring-the-dxtools-to-use-ssl.html
For LDAP tools that are outside of the Directory product, the requirement is to set the LDAPTLS_CACERT environment variable in the same way as LDAPCONF mentioned above.
e.g.
export LDAPTLS_CACERT=/etc/openldap/cacerts.pem
followed by:
ldapsearch -x -H ldaps://<Hostname/IP>:10389 -LLL -b "dc=company,dc=com" -s sub "uid=id001"
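The resolution above, as an added shell example that is not part of the original article or of the Symantec Directory product: it checks that the CA bundle LDAPTLS_CACERT will reference is present and actually holds a PEM certificate, optionally confirms with openssl s_client that the DSA's certificate chains to that bundle, and then runs the article's ldapsearch with the variable scoped to that single command. The bundle path /etc/openldap/cacerts.pem, the port 10389, the search base and the filter are taken from the article; the host name dsa.company.com, the CACERT_DEFAULT name and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original article or the Symantec Directory
# product: check the CA bundle that LDAPTLS_CACERT will point at, then run
# ldapsearch over ldaps:// with the variable scoped to that one invocation.
# CACERT_DEFAULT, the DSA host name and the function names are assumptions.

CACERT_DEFAULT=/etc/openldap/cacerts.pem

# check_cacert FILE
# Returns 0 when FILE names a readable PEM bundle holding at least one
# certificate; otherwise prints the reason on stderr and returns 1, 2 or 3.
check_cacert() {
    f="$1"
    if [ -z "$f" ]; then
        echo "LDAPTLS_CACERT is not set" >&2
        return 1
    fi
    if [ ! -r "$f" ]; then
        echo "CA bundle '$f' is missing or not readable" >&2
        return 2
    fi
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$f"; then
        echo "CA bundle '$f' contains no PEM certificate" >&2
        return 3
    fi
    return 0
}

# count_certs FILE
# Prints how many PEM certificates the bundle contains (the root plus any
# intermediates the DSA's chain needs).
count_certs() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1"
}

# verify_dsa_chain HOST PORT [CAFILE]
# Uses openssl s_client to confirm that the DSA's certificate chains to the
# bundle; this is the same trust decision ldapsearch makes via LDAPTLS_CACERT.
# Returns 0 when OpenSSL reports "Verify return code: 0 (ok)".
verify_dsa_chain() {
    host="$1"; port="$2"; cafile="${3:-${LDAPTLS_CACERT:-$CACERT_DEFAULT}}"
    check_cacert "$cafile" || return $?
    openssl s_client -connect "${host}:${port}" -CAfile "$cafile" </dev/null 2>&1 \
        | grep -q 'Verify return code: 0 (ok)'
}

# ldaps_search HOST PORT BASE FILTER
# Runs the ldapsearch from the article over ldaps://, with LDAPTLS_CACERT
# set only for this command (an assignment prefix, so nothing is exported).
ldaps_search() {
    host="$1"; port="$2"; base="$3"; filter="$4"
    cafile="${LDAPTLS_CACERT:-$CACERT_DEFAULT}"
    check_cacert "$cafile" || return $?
    LDAPTLS_CACERT="$cafile" \
        ldapsearch -x -H "ldaps://${host}:${port}" -LLL -b "$base" -s sub "$filter"
}

# Example invocation against a real DSA (host name is a placeholder):
# verify_dsa_chain dsa.company.com 10389 && \
#     ldaps_search dsa.company.com 10389 "dc=company,dc=com" "uid=id001"
```

Either an assignment prefix (VAR=value command) or an export actually reaches ldapsearch; a bare 'env LDAPTLS_CACERT=...' typed on its own line only prints the environment and leaves the next command without the variable, so the ldaps:// connection still fails. If check_cacert passes but verify_dsa_chain fails, the bundle is readable but does not contain the issuer of the DSA's certificate, and the fix is to add the missing CA or intermediate certificate to the bundle rather than to turn off verification.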