RHEL 6.3 IDM and Windows 2003 AD integration issue

Following the docs, section 8.4 managing Synchronization Agreements, of the Identity Management Guide, I am having an issue importing the self-signed cert from my IDM server into AD. Using either commandline or the GUI tools in Windows the result is the same:

1. Commandline using certutil - "-installCert command FAILED: The group or resource is not in the correct state to perform the requested operation."

2. GUI tool - I can easily import the cert I got off http://idmserver/ipa/config/ca.crt but when I look at it it shows under the General tab a red X over the cert icon and it says "The integrity of this certificate cannot be guaranteed. The certificate may be corrupted or may have been altered."

Under the Certification Path tab is says "Certificate status: This certificate has an nonvalid digital signature."

Does anyone know why Windows 2003 doesn't like RHEL 6.3 IDM self-signed certs?