i'll share a bit from my internal DOC... haven't tested it recently, and i think it can be a bit more optimised from the current steps, use on your own risk:
"Server Authentication Certificate" is the right Microsoft CA Template. Create it with exportable key, SHA1, 2048 bit or larger key size.
After it saved by the MS enrolment process. Export the cert witht the key from the personal store MMC, convert using openSSL for windows package or on Linux device with the following commands (Do NOT use public websites) :
openssl pkcs12 -in filename.pfx -nocerts -out Temp_Private_File.pem
openssl pkcs12 -in filename.pfx -clcerts -nokeys -out Public_Key_Cert.pem
openssl rsa -in Temp_Private_File.pem -out Private_Key_Cert.key
Export the chain as base 64, and open in notepad.
Set for the certs in cluster using the following command and follow the wizard, paste each certificate when prompted :
security certificate install -type server
Show the Certs
security certificate show
Set the cert on the SVM or the Cluster SVM
ssl modify -vserver <vserver> -ca L<taken from above> -serial <taken from above>
To delete a certificate. First make sure it's not in use in “ssl show”, find the certificate s/n in “security certificate show”, now use the s/n to delete using the following:
security certificate delete -serial <cert serial> *
Let me know if it worked please.