Issue cert from External CA
1) Obtain CSR, most likely from ca1-mgt2 digicert utility
2) login via SSO to digicert https://canaccord.sso.ultradns.com
3) renew or obtain new OV cert
4) Pick appropriate region for the cert
5) paste in CSR and you will cert the URLs populated
6) Select duration of a year > submit request
7) Either download the cert of copy it from email to the device where the CSR was geenrated.
8) Import the certificate to make a full private and public cert:
9) export the certificate as pfx and set a password, now you can take the cert and apply it to where its needed.