To replace the self-signed certificate on a server with a certificate from a trusted source, you must import the new certificate into the Local Computer Certificate Store of your server before you can select it in Server Admin.
Follow your company's procedure regarding the enrollment of certificates. If your
situation requires you to create a custom request, make sure you follow the recommendations required for Security Center.
To improve the security of your system, you only need to replace the self-signed certificate on your main server (or all Directory servers if
you have Directory failover configured). It is not necessary to change the certificate on all
expansion servers.