SLES Certificates are independed from eDir-Certs. You can use YaST to manage these certs if you need them for certain services. They are not used in OES-Services.
LDAP relies on eDir certs. So renew all certs via iManager (set renew all, not only the outtimed), and restart the server. This should bring the certs from eDir to the host. (Not needed to say that the eDir should be healthy, et. al.
Then you can export the eDir CA (w/o private key) and import them to the hosts who do a ldaps connection to the eDir.
After this you can delete all outtimed(!) certs in iManager. These are useless.