I really appreciate your assistance. I do have it working, now. In the end I just operated as if the AD certification process was the problem. So, I copied the AD Intermediate CA to a debian machine and create certificates via openssl using the Intermediate CA to sign. That did the trick!
Thank you!