
I'm running ldapsearch against an Active Directory server.

With the LDAP protocol it works:

ldapsearch -h IP -p 389 -b 'DC=testnet,DC=com' -D 'CN=admin,CN=Users,DC=testnet,DC=com' -w 'XX'

With the LDAPS protocol it fails:

ldapsearch -H ldaps://10.10.10.20:636 -b 'DC=testnet,DC=com' -D 'CN=admin,CN=Users,DC=testnet,DC=com' -w 'XXX'

strace output:

connect(3, {sa_family=AF_INET, sin_port=htons(636), sin_addr=inet_addr("10.10.10.20")}, 16) = 0
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

From nmap, both ports 389 and 636 are open. What is wrong?

EDIT

A certificate is available on port 636:

# openssl s_client -connect 10.10.10.20:636 -showcerts
CONNECTED(00000003)
Can't use SSL_get_servername
depth=0 CN = DC-01.testnet.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = DC-01.testnet.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:CN = DC-01.testnet.com
   i:DC = com, DC = testnet, CN = testnet-SRV1-CA
...
daisy

    Domain controllers do not have a certificate installed by default and do not listen on tcp/636 by default. Have you validated the certificate and that the DC is listening on tcp/636? – Greg Askew Nov 16 '21 at 14:36
  • @GregAskew In my environment, it's available by default. Edited question. – daisy Nov 16 '21 at 23:35
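An added check, not part of the question or the comments: the openssl output in the question ends in verify errors 20 and 21, meaning the client has no trusted copy of the issuing CA (testnet-SRV1-CA). OpenLDAP's client library verifies the server certificate by default (TLS_REQCERT=demand), and a failed TLS handshake surfaces only as the generic "Can't contact LDAP server (-1)"; running ldapsearch with `-d 1` prints the underlying TLS error. The script below classifies the verify-error lines from an openssl s_client run (a constructed copy of the question's output is embedded so it runs offline) and shows the ldapsearch invocation that trusts the domain CA via LDAPTLS_CACERT. The CA file path and the CA-export step are hypothetical placeholders.

```shell
#!/bin/sh
# Added example (not from the question): classify the "verify error" lines that
# openssl s_client prints for an LDAPS endpoint, then run ldapsearch with the
# domain CA trusted explicitly. File paths below are hypothetical placeholders.

# Constructed sample, copied from the openssl s_client run in the question.
SAMPLE_OPENSSL_OUTPUT='CONNECTED(00000003)
depth=0 CN = DC-01.testnet.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = DC-01.testnet.com
verify error:num=21:unable to verify the first certificate
verify return:1'

# classify_verify_errors: reads openssl s_client output on stdin and prints one
# word: "untrusted-ca" (X509 codes 20/21: issuer not in the client trust store),
# "expired" (code 10), "hostname" (code 62: name mismatch), "other-error"
# (any other verify error) or "ok" (no verify error lines at all).
classify_verify_errors() {
  codes=$(sed -n 's/^verify error:num=\([0-9]*\):.*/\1/p')
  [ -z "$codes" ] && { echo ok; return 0; }
  for c in $codes; do
    case "$c" in
      20|21) echo untrusted-ca; return 0 ;;
      10)    echo expired; return 0 ;;
      62)    echo hostname; return 0 ;;
    esac
  done
  echo other-error
}

# ldaps_search_with_ca CA_FILE HOST BASE BINDDN: query the LDAPS port trusting
# only the given CA bundle. LDAPTLS_CACERT is OpenLDAP's per-process override
# for the CA file; -d 1 makes ldapsearch print the real TLS error instead of
# the bare "Can't contact LDAP server (-1)". The password is prompted for (-W)
# rather than passed on the command line, where it would land in shell history.
# The CA file is obtained out of band, e.g. exported from the issuing AD CS CA
# with "certutil -ca.cert <file>" on the CA host, then copied to the client.
ldaps_search_with_ca() {
  ca="$1"; host="$2"; base="$3"; binddn="$4"
  LDAPTLS_CACERT="$ca" ldapsearch -d 1 -H "ldaps://$host:636" \
    -b "$base" -D "$binddn" -W
}

# Stand-alone run: classify the embedded sample. Setting LDAPTLS_REQCERT=never
# would also make the bind succeed, but it disables server verification
# entirely and belongs in a one-off diagnosis only, never in a working config.
main() {
  printf 'diagnosis: %s\n' "$(printf '%s\n' "$SAMPLE_OPENSSL_OUTPUT" | classify_verify_errors)"
  # Hypothetical invocation (needs network access and the exported CA file):
  # ldaps_search_with_ca /etc/ssl/certs/testnet-SRV1-CA.pem 10.10.10.20 \
  #   'DC=testnet,DC=com' 'CN=admin,CN=Users,DC=testnet,DC=com'
}
```

To diagnose a live endpoint, pipe `openssl s_client -connect HOST:636 </dev/null 2>/dev/null` into `classify_verify_errors`; an "untrusted-ca" result means the fix is to install the domain CA on the client (or point LDAPTLS_CACERT at it), not to relax verification.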

0 Answers