This knowledge base article guides users through the process of generating an SSL/Server certificate for Endpoint Management 10.x on a Windows server. 

Instructions

1. Navigate to your Windows server where IIS (Certificate Authority/Active Directory) is installed.
2. Access IIS.
3. Choose your server.
4. Proceed to Server Certificates.
   
   
   
   
5. Create a certificate request.
   
   
   
   
6. Enter your server's details. For the common name, include the Server's Fully Qualified Domain Name (e.g., "abc.domain.com"). For a Wildcard certificate, ensure the common name is set to *.domain.com. For a non-wildcard certificate, use a specific domain such as abc.domain.com.
   
   
   
   
7. In the "Cryptographic Service Provider Properties," select "Microsoft RSA SChannel Cryptographic Provider" and set the Bit Length to 2048.
   
   
   
   
8. Specify the path for saving the certificate signing request (.txt file) and complete the process.
   
   
   
   
9. Have the certificate signed by a third-party Certificate Signing Authority (e.g., GoDaddy, DigiCert).
10. Return to IIS to complete the certificate request.
    
    
    
    
11. Once the certificate is completed, export it with a password to obtain a .pfx format file.
    
    
    

Upload, update, and renew Certificates:

https://docs.citrix.com/en-us/citrix-endpoint-management/authentication/upload-renew-certificates