Workaround:

The above depends on version of JAVA in use. In newer versions of java there is requirement for SAN (Subject Alternative Name) to be present in the certificate that is being used to connect over SSL while in the older versions this was not a requirement.

To overcome this problem we need to pass "-Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true" to java while launching JXplorer.

Try the following when using JXplorer:

For example: Use jxplorer.bat (located under the path where JXplorer is installed on your Windows system) to launch JXplorer after editing the .bat file and add the argument like shown below.

Original:
java -classpath ".;jars/;jasper/lib/" -Dfile.encoding=utf-8 %JXOPTS% com.ca.directory.jxplorer.JXplorer %*

Modified:
java -classpath ".;jars/;jasper/lib/" -Dfile.encoding=utf-8 -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true %JXOPTS% com.ca.directory.jxplorer.JXplorer %*

Once done, save the file and launch the LDAP browser using JXplorer.bat

Resolution:

 If the same requirement is presented with other tools or applications, you may want to use your own certificates for DSAs that have SAN included in it to avoid this situation.

a) You can use 'dxcertgen' tool still to generate self-signed certs including SAN.

b) You can use 'dxcertgen' command line tool to generate CSR (Certificate Signing Request) with SAN included, send the resulting CSR to get signed by your CA (Certificate Authority), when you get the signed cert in return, use the 'dxcertgen' command line tool to import the root CA and merge the signed cert.

Use JXPlorer to connect to a Symantec Directory DSA through SSL

Reference techdoc.