Hi
Does you want to use a self-signed certificate or one you buy ?
Do you plan to make a cluster ?
For a simple scenario, for self-signed you can create it via the Remote Desktop Wizard. You need to create a GPO to push it to your domain computer after if you intend to use SSO with your farm, or you can let the user bypass the warning if not domain joined. The only drawback of this method is the certificate is only valid 1 year, so you need to renew it each year.