Forum Discussion
How do I create a new certificate for Windows Admin Center?
I would like to share my experience with WAC as I am using it to administer a Windows Hyper-V Server 2019 (Bare Metal, not domain joined) and to overcome the self-signed certificate issue.
Initial information on how to generate the Root Certificate Authority and a client certificate is here - https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/how-to-create-temporary-certificates-for-use-during-development
Below is the script I adjusted for my usage (The server has an internal static IP address and only a computer name (hostname)):
# 19.04.2023
# Create a root certificate authority and specify the IP Address and DNS Hostname
# The certificate is valid for 20 years
$rootCert = New-SelfSignedCertificate -CertStoreLocation Cert:\CurrentUser\My -Subject "Root CA For Windows Admin Center" -TextExtension @("2.5.29.19={text}CA=true","2.5.29.17={text}IPAddress=<IP Address>&DNS=<Hostname>") -KeyUsage CertSign,CrlSign,DigitalSignature -NotAfter (Get-Date).AddYears(20)
# Export the root certificate authority (public certificate only) to be imported on the target machine (client)
# The password below is only used by the optional, commented-out PFX export further down
[System.Security.SecureString]$rootCertPassword = ConvertTo-SecureString -String "password" -Force -AsPlainText
[String]$rootCertPath = Join-Path -Path 'cert:\CurrentUser\My\' -ChildPath "$($rootCert.Thumbprint)"
Export-Certificate -Cert $rootCertPath -FilePath 'RootCA.crt'
# Create a self signed client certificate and specify the IP Address and DNS Hostname
# Certificate is valid for 10 years
$testCert = New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -Subject "Windows Admin Center (Self-Signed)" -TextExtension @("2.5.29.17={text}IPAddress=<IP Address>&DNS=<Hostname>") -KeyExportPolicy Exportable -KeyLength 2048 -NotAfter (Get-Date).AddYears(10) -KeyUsage DigitalSignature,KeyEncipherment -Signer $rootCert
# Add the certificate to the certificate store and export it
[String]$testCertPath = Join-Path -Path 'cert:\LocalMachine\My\' -ChildPath "$($testCert.Thumbprint)"
# Export-PfxCertificate -Cert $testCertPath -FilePath testcert.pfx -Password $rootCertPassword
Export-Certificate -Cert $testCertPath -FilePath testcert.crt
Afterwards import the RootCA.crt and testcert.crt to the client workstation:
certmgr => Personal => All Tasks => Import => testcert.crt
certmgr => Trusted Root Certification Authorities => All Tasks => Import => RootCA.crt
Reconfigure the WAC installation on the server by using the installation MSI and specify the thumbprint from the installed client certificate. To obtain it, either check the certificate store on the server or, on the client workstation, click on the imported testcert.crt in certmgr and under "Details" copy the value for "Thumbprint".
Awesome job, have a few servers so I used variables for IP/HostName:
# Create a root certificate authority and specify the IP Address and DNS Hostname
# The certificate is valid for 20 years
$myIP = "192.168.0.0"
$myHostName = "hostname"
$rootCert = New-SelfSignedCertificate `
    -CertStoreLocation Cert:\CurrentUser\My `
    -Subject "Root CA For Windows Admin Center - $myHostName" `
    -TextExtension @("2.5.29.19={text}CA=true","2.5.29.17={text}IPAddress=$($myIP)&DNS=$($myHostName)") `
    -KeyUsage CertSign,CrlSign,DigitalSignature `
    -NotAfter (Get-Date).AddYears(20)
# Export the root certificate authority (public certificate only) to be imported on the target machine (client)
# The password below is only used by the optional, commented-out PFX export further down
[System.Security.SecureString]$rootCertPassword = ConvertTo-SecureString -String "password" -Force -AsPlainText
[String]$rootCertPath = Join-Path -Path 'cert:\CurrentUser\My\' -ChildPath "$($rootCert.Thumbprint)"
Export-Certificate -Cert $rootCertPath -FilePath "RootCA_$($myHostName).crt"
# Create a self signed client certificate and specify the IP Address and DNS Hostname
# Certificate is valid for 10 years
$testCert = New-SelfSignedCertificate `
    -CertStoreLocation Cert:\LocalMachine\My `
    -Subject "Windows Admin Center - $myHostName - (Self-Signed)" `
    -TextExtension @("2.5.29.17={text}IPAddress=$($myIP)&DNS=$($myHostName)") `
    -KeyExportPolicy Exportable `
    -KeyLength 2048 `
    -NotAfter (Get-Date).AddYears(10) `
    -KeyUsage DigitalSignature,KeyEncipherment `
    -Signer $rootCert
# Add the certificate to the certificate store and export it
[String]$testCertPath = Join-Path -Path 'cert:\LocalMachine\My\' -ChildPath "$($testCert.Thumbprint)"
# Export-PfxCertificate -Cert $testCertPath -FilePath testcert.pfx -Password $rootCertPassword
Export-Certificate -Cert $testCertPath -FilePath "clientcert_$($myHostName).crt"
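A check that can be run on the client workstation before trusting the files produced by the scripts in this thread (added example, not part of either post). The file names and the `$wacHost` value are assumptions; the script confirms that the WAC certificate chains to the exported root and lists the host name in its SAN, then imports the root and prints the thumbprint the original post copies from certmgr.

```powershell
# Added example. File names and host name are assumptions; adjust to your exported files.
$rootFile = '.\RootCA.crt'      # public root CA certificate written by the script
$leafFile = '.\testcert.crt'    # public WAC certificate written by the script
$wacHost  = 'hostname'          # placeholder: the name typed into the browser

$root = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new((Resolve-Path $rootFile).Path)
$leaf = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new((Resolve-Path $leafFile).Path)

# 1. Build the chain with the exported root supplied as an extra certificate,
#    before anything is added to a trust store. Revocation is skipped because
#    this private CA publishes no CRL.
$chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
$chain.ChainPolicy.RevocationMode    = 'NoCheck'
$chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
[void]$chain.ChainPolicy.ExtraStore.Add($root)
if (-not $chain.Build($leaf)) {
    throw "Chain build failed: $($chain.ChainStatus.StatusInformation -join '; ')"
}
$top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
if ($top.Thumbprint -ne $root.Thumbprint) {
    throw "Certificate chains to '$($top.Subject)', not to the exported root."
}

# 2. The SAN extension (OID 2.5.29.17) must contain the name used to reach WAC.
#    The formatted text is localized, so match on the value only.
$san = $leaf.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
if (-not $san -or ($san.Format($false) -notmatch [regex]::Escape($wacHost))) {
    throw "Subject Alternative Name does not list '$wacHost'."
}

# 3. Trust the root for the current user (same effect as the certmgr import into
#    Trusted Root Certification Authorities; Windows asks for confirmation).
Import-Certificate -FilePath $rootFile -CertStoreLocation Cert:\CurrentUser\Root | Out-Null

# 4. Thumbprint to give the WAC installer, plus the expiry date to track.
[pscustomobject]@{
    Thumbprint = $leaf.Thumbprint
    NotAfter   = $leaf.NotAfter
    SAN        = $san.Format($false)
}
```

The root CA's private key stays in Cert:\CurrentUser\My on the machine where the generation script ran, and it can sign further certificates that this client will then trust. Protect or delete that key once the WAC certificate has been issued.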