To replace the self-signed certificate on a server with a certificate from a trusted source, you must import the new certificate into the Local Computer Certificate Store of your server before you can select it in Server Admin.
Follow your company's procedure regarding the enrollment of certificates. If your
situation requires you to create a custom request, make sure you follow the recommendations required for Security Center.
To improve the security of your system, you only need to replace the self-signed certificate on your main server. If you have Directory
failover configured, you must replace the certificate on all Directory servers. It is not
necessary to change the certificate on all expansion servers.