Last Updated: February 25, 2016
· theist

Replication of slapd with syncrepl and TLS failed after migration or upgrade

This happened to me on Debian and Ubuntu. After a migration or an upgrade with syncrepl, it seems that the replica cannot connect. Running slapd in the foreground shows an error like this:

TLS: peer cert untrusted or revoked (0x42)
TLS: can't connect: (unknown error code).

Some versions of slapd, when acting as a syncrepl client, do not honor the configuration in /etc/slapd/ldap.conf, so the parameter

TLS_CACERT <file>

In some versions of slapd, the CA cert is specified in the syncrepl provider via the tls_cacert=<file> parameter of the syncrepl configuration, which is specified in /etc/slapd/slapd.conf.
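
One way to check a consumer for this condition, as an added example that is not part of the original post: a Python script that parses slapd.conf text and reports syncrepl stanzas that use TLS but carry no CA setting of their own. The sample configuration, host names, paths and function names are constructed for illustration; tls_cacertdir is accepted as an alternative to tls_cacert.

```python
import shlex

# Constructed sample slapd.conf fragment (host names, DNs and paths are made up).
SAMPLE_CONF = """\
# consumer configuration
syncrepl rid=001
  provider=ldaps://ldap1.example.com
  searchbase="dc=example,dc=com"
  binddn="cn=replica,dc=example,dc=com"
syncrepl rid=002
  provider=ldap://ldap2.example.com
  starttls=critical
  tls_cacert=/etc/ssl/certs/example-ca.pem
  searchbase="dc=example,dc=com"
"""

def logical_lines(text):
    """Join continuation lines (leading whitespace) first, then drop comments."""
    lines = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += " " + raw.strip()
        elif raw.strip():
            lines.append(raw.rstrip())
    return [l for l in lines if not l.startswith("#")]

def syncrepl_stanzas(text):
    """Return one {key: value} dict per syncrepl directive."""
    stanzas = []
    for line in logical_lines(text):
        words = shlex.split(line)  # handles quoted values such as binddn="..."
        if words and words[0].lower() == "syncrepl":
            pairs = (w.split("=", 1) for w in words[1:] if "=" in w)
            stanzas.append({k.lower(): v for k, v in pairs})
    return stanzas

def missing_ca(text):
    """Return rids of TLS-using consumers with no CA set in the syncrepl stanza."""
    flagged = []
    for s in syncrepl_stanzas(text):
        uses_tls = (s.get("provider", "").lower().startswith("ldaps://")
                    or s.get("starttls", "").lower() in ("yes", "critical"))
        if uses_tls and not (s.get("tls_cacert") or s.get("tls_cacertdir")):
            flagged.append(s.get("rid", "?"))
    return flagged

if __name__ == "__main__":
    for rid in missing_ca(SAMPLE_CONF):
        print(f"syncrepl rid={rid}: TLS in use but no tls_cacert in the stanza")
```

A flagged stanza depends on TLS_CACERT from ldap.conf, which is the setting the affected slapd versions ignore.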