You then need to trust the certificate on all the linux hosts
From the IBM article:
Create ‘/etc/pki/ca-trust/source/anchors/activedirectory.pem’ and paste the certificate contents
Trust CA cert: sudo update-ca-trust enable; sudo update-ca-trust extract; sudo update-ca-trust check
Trust CA cert in Java:
mycert=/etc/pki/ca-trust/source/anchors/activedirectory.pem sudo keytool -importcert -noprompt -storepass changeit -file ${mycert} -alias ad -keystore /etc/pki/java/cacerts
And at last, please make sure every node on your cluster has access to the ad host.
LDAP support is a key part of setting up a production Hadoop cluster.