@pablo Finally I managed to log in.
The last step was concerning my-ca.pem, the certificate of the AD. I hat to copy that file to every single node and take account of the paths being named the same on every node.
I did not realize that at the beginning even though you even gave me a here in an early comment.
So thank you very much for your help and your hints!