Any and all certificates for the AD server need to be added to the DLP enforce server's java cacerts file.  The default directory for that file is

DRIVE:\PATH\TO\JAVA\lib\security\cacerts

The certs can be added with java keytool (comes included with Java in the bin directory) with the below command

keytool -import -file /PATH/TO/CERTS/cert.cer -alias sldap_cert -keystore DRIVE:\PATH\TO\JAVA\lib\security\cacerts -storepass changeit

After adding all the certs, recycle the SymantecDLPManagerService, and configure the AD connection to use sldap.  See the screenshot below