You must import the TLS server certificate into the Windows local computer certificate store on the Windows Server host on which the Connection Server instance or security server service is installed.

1. In the MMC window on the Windows Server host, expand the Certificates (Local Computer) node and select the Personal folder.
2. In the Actions pane, go to More Actions > All Tasks > Import.
3. In the Certificate Import wizard, click Next and browse to the location where the certificate is stored.
4. Select the certificate file and click Open.
   To display your certificate file type, you can select its file format from the File name drop-down menu.
5. Type the password for the private key that is included in the certificate file.
6. Select Mark this key as exportable.
7. Select Include all extended properties.
8. Click Next and click Finish.
   The new certificate appears in the Certificates (Local Computer) > Personal > Certificates folder.
9. Verify that the new certificate contains a private key.
   1. In the Certificates (Local Computer) > Personal > Certificates folder, double-click the new certificate.
   2. In the General tab of the Certificate Information dialog box, verify that the following statement appears: You have a private key that corresponds to this certificate.