Unlike the License Server, Packager or Transport certificate, the Domain CA certificate is not issued by Adobe. You can obtain this certificate from a Certificate Authority, or you can generate a self-signed certificate to use for this purpose.
The Domain CA certificate should use a 1024-bit key and contain the standard attributes required in a CA certificate:
For example, using OpenSSL, a self-signed CA certificate can be generated as follows:
Create a file called ca-extensions.txt containing:
keyUsage=critical,keyCertSign
basicConstraints=critical,CA:TRUE
subjectKeyIdentifier=hash
Generate key:
openssl genrsa -des3 -out domain-ca.key 1024
Generate CSR:
openssl req -new -key domain-ca.key -out domain-ca.csr
Generate certificate:
openssl x509 -req -days 365 -in domain-ca.csr -signkey domain-ca.key \
-out domain-ca.cer -extfile ca-extensions.txt
Generate password:
openssl rand -base64 8
Generate PFX:
openssl pkcs12 -export -inkey domain-ca.key \
-in domain-ca.cer -out domain-ca.pfx