TLS unknown CA

[John Mok <jmok@attglobal.net>]

I hope someone could help me out.

SuSE Enterprise Linux Server 8
OpenLDAP 2.2.14

I have built two identical machines for LDAP client /server testings, 
and compile OpenLDAP 2.2.14 from source as follows :-

env CPPFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib" \
./configure --enable-wrpappers --enable-crypt --enable-slurpd --with-tls

I created two certificates using my self-signed CA, and passed the 
server testing from client as stated in OpenLDAP SSL/TLS How-To :-

openssl s_client -connect  server.exmaple.com:636 -showcerts -state -CA 
/usr/share/ssl/cacert.pem

Client config. file /usr/local/etc/openldap/ldap.conf has the line :-

tls_cacertfile /usr/share/ssl/cacert.pem

Server config. file /usr/local/etc/openldap/slapd.conf has these lines :-

TLSCipherSuite HIGH:MEDIUM:+SSLv3
TLSCertificateFile /etc/local/server-cert.pem
TLSCertificateKeyFile /etc/local/server-key.pem
TLSCACertificateFile /usr/share/ssl/cacert.pem

It works fine with SSL, but it failed with TLS with the following error :-

TLS certificate verification: Error, self signed certificate in 
certificate chain
tls_write: want=7, written=7
0000:  15 03 01 00 02 02 30                               
......0          TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS: can't connect.
ldap_perror
ldap_start_tls: Connect error (-11)
  additional info: error:14090086:SSL 
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

It seems that the client could not locate the CA certitificate 
tls_cacertfile, and I have copied the ldap.conf to different locations 
/etc/ldap.conf, /usr/local/etc/ldap.conf and 
/etc/local/etc/openldap/ldap.conf, but the errors are the same. I have 
tried the steps on O'Reilly LDAP book and those on the newsgroup, but it 
does not work.

Is there anything I have done wrong?

Thanks a lot.

John