Failing to trust Yunohost's LDAP server TLS certificate
I am currently trying to use the OpenLDAP server configured by Yunohost 11.0.11 (amd64) to authenticate desktop users (through sssd-ldap) on the same internal network as the Yunohost server.

Before going into sssd, I started by opening port 636 on the server, so that the clients can connect over LDAPS:

yunohost firewall allow TCP 636

Then, on a test client host, I downloaded the certificate of Yunohost for LDAPS:

openssl s_client -connect <yunohost_server>:636 -showcerts </dev/null 2>/dev/null | openssl x509 -outform PEM > /etc/ssl/certs/ldapcacert.crt

But when I wanted to check that the server's certificate was trusted, it failed:

openssl s_client -connect <yunohost_server>:636 -CAfile /etc/ssl/certs/ldapcacert.crt
depth=0 CN =
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN =
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 CN =
verify return:1
Certificate chain
 0 s:CN =
   i:CN =, O = yunohost
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Nov 22 14:45:48 2022 GMT; NotAfter: Nov 21 14:45:48 2024 GMT
Server certificate
subject=CN =
issuer=CN =, O = yunohost
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
SSL handshake has read 1502 bytes and written 394 bytes
Verification error: unable to verify the first certificate
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 21 (unable to verify the first certificate)

During my trials, I tried to connect to the server by its IP, by its internal name, and even after I added an entry with this name and the server IP in /etc/hosts.

How can I fix this issue with trusting the TLS certificate for LDAP that appears to be configured by Yunohost?
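An added example, not part of the original post, for checking this kind of failure from the client side: `openssl x509 -outform PEM` keeps only the first certificate it reads, so the file saved above contains the server's leaf certificate, and a leaf cannot act as its own `-CAfile`. The script below fetches everything the server sends with `-showcerts`, splits it into one file per certificate, prints each subject and issuer, and verifies the leaf against the last certificate of the chain only when the server actually sent more than the leaf. It assumes `openssl` is installed; the hostname and the `./ldaps-chain` output path are placeholders.

```shell
#!/bin/sh
# Added example (not the original poster's commands). Assumes openssl is present.

# Split a PEM bundle ($1) into $2/cert-0.pem, cert-1.pem, ... and print the count.
# Lines outside BEGIN/END blocks (s_client banner text) are dropped.
split_pem_chain() {
    bundle=$1; outdir=$2
    mkdir -p "$outdir"
    awk -v dir="$outdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; f = dir "/cert-" (n-1) ".pem"; inside = 1 }
        inside { print > f }
        /-----END CERTIFICATE-----/ { inside = 0; close(f) }
        END { print n + 0 }
    ' "$bundle"
}

# Fetch every certificate the server presents; -showcerts emits the whole chain,
# unlike piping into a single "openssl x509" which keeps only the first one.
fetch_chain() {
    host=$1; port=${2:-636}
    openssl s_client -connect "$host:$port" -showcerts </dev/null 2>/dev/null \
        | awk '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/'
}

# Verify leaf ($1) against CA file ($2); exit status is openssl's verdict.
verify_leaf() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

check_ldaps() {
    host=$1; dir=${2:-./ldaps-chain}
    fetch_chain "$host" > "$dir.pem"
    count=$(split_pem_chain "$dir.pem" "$dir")
    echo "server sent $count certificate(s)"
    for c in "$dir"/cert-*.pem; do
        openssl x509 -in "$c" -noout -subject -issuer
    done
    if [ "$count" -ge 2 ]; then
        # The last certificate sent is the issuing CA the client should pin.
        if verify_leaf "$dir/cert-0.pem" "$dir/cert-$((count-1)).pem"; then
            echo "leaf verifies against the CA certificate the server sent"
        else
            echo "leaf does not verify against the last certificate sent"
        fi
    else
        echo "only the leaf was sent; obtain the issuing CA certificate from the server itself"
    fi
}

if [ $# -ge 1 ]; then check_ldaps "$@"; fi
```

Run it as `sh check_ldaps.sh <yunohost_server>`; when it reports that only the leaf was sent, the issuer line (`O = yunohost`) names the CA whose certificate has to be copied from the server and used as `-CAfile` instead of the leaf.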