And this error would appear in the logs
[Wed Feb 16 10:41:04 2011] [notice] [client 192.168.0.1] admserv_host_ip_check: ap_get_remote_host could not resolve 192.168.0.1
I found this bug on the subject and saw the clue. The certificate authority for the cert must be installed on the admin server also.
I went to the admin console, under tasks clicked Manage Certificates and saw a completely empty list under CA Certs. My cert was signed by Equifax, so I just went into /etc/pki/tls/certs/ca-bundle.crt and grabbed the text of the Equifax CA and installed the CA and trusted it.
After that Manage Certificates works on the Directory Server.
The admserv_host_ip_check error still occurs so it must be unrelated to this error. I changed the AllowAccess entries in cn=NetscapeRoot, but the errors still happen in the logs...even though everything is working, go figure.