Secure LDAP not working after upgrade to 3.3.1.1


Article ID: 236542

Products

  • Management Center
  • Management Center - VA

Issue/Introduction

  • Management Center was configured to use secure LDAP (LDAPS), and LDAPS authentication started failing after the upgrade to 3.3.1.1. It worked before the upgrade.
  • An IP address is configured in the "LDAP URL" setting in Management Center, while the certificate presented by the secure LDAP server carries only a fully qualified domain name or host name in its Common Name or Subject Alternative Name.
  • A packet capture shows Management Center sending "Alert Fatal Certificate Unknown (46)".
  • The latest log.log (Management Center UI > Administration > Logs) shows:

    Client raised fatal(2) certificate_unknown(46) alert: Failed to read record org.bouncycastle.tls.TlsFatalAlert: certificate_unknown(46) with
    Caused by: java.security.cert.CertificateException: No subject alternative name found matching IP address <ldaps server IP>


Environment

  • Management Center version 3.3.1.1
  • Secure LDAP (LDAPS)


Cause

Management Center version 3.3.1.1 (and above) started verifying that the Common Name or SAN of the LDAP server's certificate matches the host in the Management Center LDAP URL setting.

A mismatch causes Management Center to send a Fatal Alert with reason certificate_unknown(46).

Resolution

  • Create a new certificate for the LDAP server that presents the IP address in its Subject Alternative Name, or
  • Change the Management Center LDAPS setting to match one of the Common Name or SAN values presented by your LDAP server. This can be an IP address, host name or FQDN.


For example:

  • Management Center LDAPS is currently configured as "ldaps://192.168.10.45:636".
  • The LDAPS certificate's Common Name or SAN was verified to contain only "ldaps.lcp.lab". It was also verified that the DNS configured on Management Center resolves "ldaps.lcp.lab" to the correct IP (192.168.10.45).


The solution is to change the LDAP URL setting to ldaps://ldaps.lcp.lab:636
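As an added illustration (not part of this article or of the Management Center product), the following Python script models the hostname check described above against the example values from this article. The "no CN fallback for IP hosts, CN fallback for DNS hosts only when the certificate has no dNSName SAN" rule is modelled on common TLS client behaviour and is an assumption, as are the function names; the certificate values are constructed from the example.

```python
"""Offline check of the LDAPS hostname-verification rule that broke after the upgrade."""
import ipaddress
from urllib.parse import urlsplit

# Constructed to mirror the article's example: URL names the server by IP, cert only has a DNS name.
CONFIGURED_URL = "ldaps://192.168.10.45:636 "
CERT_SAN_DNS = ("ldaps.lcp.lab",)
CERT_SAN_IP = ()
CERT_CN = "ldaps.lcp.lab"

def url_host(ldap_url):
    """Host part of an LDAP URL (IPv6 brackets and stray whitespace removed)."""
    return urlsplit(ldap_url.strip()).hostname

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def dns_name_matches(pattern, host):
    """Exact match or a single leading wildcard label (*.lcp.lab matches ldaps.lcp.lab)."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return host.count(".") == pattern.count(".") and host.endswith(pattern[1:])
    return pattern == host

def verify(ldap_url, san_dns=(), san_ip=(), cn=None):
    """Return (ok, reason). An IP host must appear as an iPAddress SAN (no CN fallback);
    a DNS host must match a dNSName SAN, or the CN only when no dNSName SAN exists (assumed rule)."""
    host = url_host(ldap_url)
    if is_ip_literal(host):
        ok = any(ipaddress.ip_address(host) == ipaddress.ip_address(ip) for ip in san_ip)
        return ok, None if ok else f"No subject alternative name found matching IP address {host}"
    if san_dns:
        ok = any(dns_name_matches(p, host) for p in san_dns)
    else:
        ok = cn is not None and dns_name_matches(cn, host)
    return ok, None if ok else f"No subject alternative DNS name matching {host} found"

def suggest_url(ldap_url, san_dns=(), san_ip=(), cn=None):
    """Configured URL if it verifies, else the article's fix: rebuild it around a name the cert presents."""
    ok, _ = verify(ldap_url, san_dns, san_ip, cn)
    if ok:
        return ldap_url.strip()
    parts = urlsplit(ldap_url.strip())
    names = [n for n in (*san_dns, *san_ip, cn or "") if n and not n.startswith("*")]
    return f"{parts.scheme}://{names[0]}:{parts.port or 636}" if names else None
```

Running `verify(CONFIGURED_URL, CERT_SAN_DNS, CERT_SAN_IP, CERT_CN)` reproduces the article's failure reason, and `suggest_url` with the same arguments returns the corrected URL from the example.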