If the Active Directory Server is set to authenticate the client during an SSL session initialization phase, you need to upload iDRAC Server certificate to the Active Directory Domain controller. This additional step is not required if the Active Directory does not perform a client authentication during an SSL session’s initialization phase.
To import iDRAC firmware SSL certificate to all domain controller trusted certificate lists:
racadm sslcertdownload -t 0x1 -f <RAC SSL certificate>
If you have installed your own certificate, make sure that the CA signing your certificate is in the Trusted Root Certification Authority list. If the Authority is not in the list, you must install it on all your domain controllers.