Do you have an internal certificate authority? If you do, download the root cert and rename it to adCA.pem. If you don't, you have to export the certificate from each Domain Controller, create a new file, copy and paste the content of each exported certificate into that one file, and name it adCA.pem.
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
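An added example, not part of the original post: one way to build the combined adCA.pem from per-Domain-Controller exports without hand copy-paste, accepting either binary DER or Base-64 (PEM) exports and skipping duplicates. The function names and the sample byte strings are assumptions made for illustration; the samples are constructed placeholders, not real certificates.

```python
import base64
import hashlib
import re
import ssl
import sys

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S
)

# Constructed placeholder bytes standing in for two exported DC certificates.
DC1_DER = b"\x30\x82" + b"dc1-constructed-placeholder"
DC2_DER = b"\x30\x82" + b"dc2-constructed-placeholder"


def to_der_list(blob: bytes) -> list:
    """Return the DER certificates found in one exported file (PEM or DER)."""
    blocks = PEM_RE.findall(blob)
    if blocks:
        # Base-64 export: strip CR/LF and decode strictly so typos are caught.
        ders = [base64.b64decode(b"".join(b.split()), validate=True) for b in blocks]
    else:
        ders = [blob]  # assume a binary DER export
    for der in ders:
        # An X.509 certificate is a DER SEQUENCE, so it must start with 0x30.
        if not der.startswith(b"\x30"):
            raise ValueError("input is not a DER or PEM certificate")
    return ders


def build_bundle(exports: list) -> str:
    """Concatenate every certificate into one PEM bundle, dropping duplicates."""
    seen, out = set(), []
    for blob in exports:
        for der in to_der_list(blob):
            digest = hashlib.sha256(der).hexdigest()
            if digest not in seen:
                seen.add(digest)
                out.append(ssl.DER_cert_to_PEM_cert(der))
    return "".join(out)


if __name__ == "__main__":
    # Usage: python build_bundle.py dc1.cer dc2.cer ...  (writes adCA.pem)
    blobs = [open(path, "rb").read() for path in sys.argv[1:]]
    with open("adCA.pem", "w", newline="\n") as fh:
        fh.write(build_bundle(blobs))
```

The 0x30 check is only a sanity test against pasting the wrong file; it does not validate the certificate chain or expiry.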