Most of what you need to know can be found here:
This is the rest you need to know:
I would recommend using a wildcard certificate for your servers otherwise you will need a separate certificate for each server.
Here is an example of a 2048 key wildcard for oppihle.org’s
Subject = "CN=*.oppihle.org, OU=oppihle.org, O=Oppihle, L=Louisville, S=Kentucky, C=US" ; replace with the FQDN
KeySpec = 1
KeyLength = 2048
; Can be 1024, 2048, 4096, 8192, or 16384.
; Larger key sizes are more secure, but have
; a greater impact on performance.
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0
OID=184.108.40.206.220.127.116.11.1 ; this is for Server Authentication
Note: SAN listed above is DNS SAN (Subject Alternative Name) not storage SAN
When you import your certificate onto your servers into the personal certificates you need to change the general name properties to “vdm” if you have an existing already named “vdm” rename it “oldvdm”
Then restart view services and confirm it is working properly