Windows Admin Center 2410: cannot add computers

I had this problem in WAC 2511. First, took me forever to figure out that the cert had to be RSA (ECC not supported) and can't be a wildcard. Well it could be a wildcard, but also must have the FQDN of the WAC as a SAN. After issuing a new cert using RSA and with FQDN in Subject and SAN, able to start service and access web interface without error.

However, was getting the AD error when searching for servers. Found an application log that mentioned the cert couldn't be found because it was trying to search by email attribute. Our standard config is to populate email, organization, department, city, state, and CN. However, WAC needs just the CN in the Subject and the DNS in SAN. Once I issued a cert with just that, I was able to install with that cert and able to start and search AD without issue.

Application: WindowsAdminCenter.exe
CoreCLR Version: 8.0.2125.47513
.NET Version: 8.0.21
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException: The requested certificate E=email address removed for privacy reasons could not be found in LocalMachine/My with AllowInvalid setting: False.
at Microsoft.AspNetCore.Server.Kestrel.Https.CertificateLoader.LoadFromStoreCert(String subject, String storeName, StoreLocation storeLocation, Boolean allowInvalid)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Certificates.CertificateConfigLoader.LoadFromStoreCert(CertificateConfig certInfo)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Certificates.CertificateConfigLoader.LoadCertificate(CertificateConfig certInfo, String endpointName)