PWNotify Driver Cert issue

in Upgrading the PWNotify Driver to 2.2.2.x versions of the packages along with the 4.8 upgrade My ldap connection is getting blocked by

<status level="error">JavaException: com.novell.ldap.LDAPException: Confidentiality Required</status>

Which i expected. The hint says on SLES import the TREE_CA cert. So I imported the root self signed cert into

/opt/netiq/common/jre/lib/security/cacerts on the IDM engine server. but that hasn't fixed the connection issue.

What cert(s) does this actually need and is that the right keystore or do i really need to create a custom one just for this driver?

I've also noticed that in upgrading it's completely ignoring the hourly schedule and attempting to search every minute I'm not sure if that's cause it's failing or what, the curious thing to me is that account expiration notifications are still working just fine but password expiration is the one that is failing