In SQL Server 2019 the whole process of enabling secure communication to the SQL Server Database Engine with the use of SSL/TLS certificates has been significantly enhanced but also simplified.
You can go to SQL Server 2019 Configuration Manager to perform the below tasks:
- Directly import an SSL/TLS certificate in SQL Server
- View and validate certificates installed in a SQL Server instance
- Identify which certificates may be close to expiring
- Deploy certificates across Availability Group machines from the node holding the primary replica
- Deploy certificates across machines participating in a Failover Cluster instance from the active node
Regarding the scenario where you are importing an SSL/TLS certificate of a SQL Server Always On Availability Group-enabled instance, again the process is quite similar like the one for the standalone SQL Server machine, with the only difference that after choosing the certificate type to import, you are presented with the list of known Availability Groups for the SQL Server instance, and you can choose certificates for each replica node.
Please refer to these articles: Certificate Management in SQL Server 2019
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".