Under "save as PFX", enter a strong password for your certificate and press Save to PFX file.
This will generate a PFX.
Store the password you entered securely. If you lose this, your encrypted data can be permanently lost.
Install the certificate on the Halo server
The certificate should be installed in both the Personal and Trusted Root stores of the local machine.
Open the certificate you generated on your Halo web application server.
Choose Store Location as Local Machine and enter the password for the certificate when prompted. No other settings need to be changed, navigate through the wizard and press Finish to install.
Install the certificate again using the same steps as above, but this time select "Place all certificates in the following store", and choose "Trused Root Certification Authorities".
Once installed, obtain the thumbprint of your certificate by opening Certificate Manager on the server. Find the certificate you added. Open it and view the thumbprint. It should look similar to the one below. Copy it as you'll need it for the next step.
Configure the Halo website
On your Halo web application server, open the website files and open /api/appsettings.json.
Add a comma to the end of the second from the bottom line, insert a new line and add;
where THUMBPRINT is the thumbprint of your certificate.
Save and restart the Halo website.
To verify this is working, check that X.509 for encryption is now ticked on the Security page.