Hi,
If the servers are not domain joined and they are part of Workgroup you need to standup CA Infrastructure and manually issue the certs for the apps and servers.
Detailed steps in this article sg_installcertificatesinworkgroupmsandrs.htm
==
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.