There is a bug with LDAP TLS in that LDAP doesn't know where the CA files are.
We have an open support ticket on this, and you can look at the bug report for more info.
Suggest opening a support ticket with Zimbra directly. In the interim, you can disable LDAP TLS on both servers by running the following as the zimbra user on both servers and then restarting Zimbra.
At that point though, all the inter-server LDAP traffic is plain text, which may be a security risk depending on your infrastructure.
zmlocalconfig -e ldap_starttls_supported=0
Hope that helps,