Yes, you can update it manually. What Check Point expects here, is the MD5 fingerprint of the LDAP server cert. You can query it manually from a client which can reach the LDAP server using openssl. When running from the gateway (Gaia Expert Shell), use cpopenssl instead of openssl:
LDAP with Start-TLS:
echo | openssl s_client -connect servername:389 -starttls ldap | openssl x509 -noout -fingerprint -md5
echo | openssl s_client -connect servername:636 | openssl x509 -noout -fingerprint -md5
In case you don't want/need certificate pinning and let the gateways just accept any LDAP server cert, you can leave the fingerprint string input field empty. Never tried it myself, but another CheckMate recently confirmed this is working.