We had a similar issue. Jamf recommended each and every one of our DCs
have a SAN cert for the proxy due to Java's new settings. Or you can
turn off cert checking by adding a startup option to java to turn off
SSL checks on LDAP lookups specifically ...
