This assumes that you have TDI V7.1.1 or higher and that you're running ibmditk on the same box as ibmdisrv. When you installed TDI, it asked you to select a "Solutions" directory; make sure you know where that is. If you don't know the default solutions directory, go to TDI_install_dir/bin and look at the contents of "defaultSolDir.sh". In my case it's /opt/IBM/TDI/V7.1.1/bin/defaultSolDir.sh, and the solutions directory is TDI_SOLDIR="/opt/IBM/TDI/solutions".
1) Download the certificate from the LDAP (or whatever SSL) server you want to connect to. You can easily use a tool like Portecle to make an SSL connection to the server and save the certificate as a PEM file. For our purposes, call it "foo.pem".
2) Start the ibmditk (TDI Console).
3) Select "Keymanager".
3.1) Open the solutions directory's jks file: /opt/IBM/TDI/solutions/serverapi/testadm
3.2) The password is "administrator".
3.3) Set the dropdown to "signer certificate".
3.4) Add the PEM certificate foo.pem.
3.5) Save the file with the same password, and click OK to overwrite.
4) In the TDI Console under Servers, click "STOP Server", wait until it stops, then quit or restart the TDI Console.
5) Start the TDI Console, and go to "Resources" -> "Connectors".
6) Add a connector for the SSL server you want to connect to. In our case, that's an LDAP server on port 636 over SSL.
7) Fill out the appropriate information, and go to the "Input Map" tab -> "Connect" on the right.
Now, I leave it up to the reader to customize the jks file's password, location, etc. Warning: untangling the internal client/server certs is sticky.
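Step 1 saves whatever certificate the server presents, so it is worth comparing its fingerprint with one obtained out of band before adding it as a signer in step 3.4. The script below is an added example, not part of the original post: it uses Python's standard library and the JDK's keytool in place of Portecle and the Keymanager GUI, and the script name, function names and the choice of the host name as alias are assumptions.

```python
"""Pin-check an LDAPS server certificate before trusting it as a signer."""
import hashlib
import hmac
import ssl
import subprocess
import sys


def sha256_fingerprint(pem: str) -> str:
    """Colon-separated SHA-256 over the DER bytes, as `keytool -list -v` prints it."""
    digest = hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches_pin(pem: str, expected: str) -> bool:
    """Compare with a fingerprint obtained out of band from the server's admin."""
    def norm(value: str) -> str:
        return value.replace(":", "").replace(" ", "").upper()
    return hmac.compare_digest(norm(sha256_fingerprint(pem)), norm(expected))


def keytool_import_argv(keystore: str, alias: str, pem_path: str) -> list:
    """keytool command for step 3.4; no -storepass, so keytool prompts for it."""
    return ["keytool", "-importcert", "-noprompt", "-trustcacerts",
            "-alias", alias, "-file", pem_path, "-keystore", keystore]


def main(argv):
    if len(argv) != 5:
        sys.exit("usage: pin_import.py HOST PORT EXPECTED_SHA256 KEYSTORE")
    host, port, expected, keystore = argv[1], int(argv[2]), argv[3], argv[4]
    # get_server_certificate() does not validate the chain, which mirrors
    # step 1; the pin check below is therefore the only trust decision.
    pem = ssl.get_server_certificate((host, port))
    print("presented:", sha256_fingerprint(pem))
    if not matches_pin(pem, expected):
        sys.exit("fingerprint mismatch: not importing")
    with open("foo.pem", "w") as fh:
        fh.write(pem)
    subprocess.run(keytool_import_argv(keystore, host, "foo.pem"), check=True)


if __name__ == "__main__":
    main(sys.argv)
```

Stop the TDI server before running the import and restart it afterwards, as in steps 4 and 5.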