If you need to transfer the Active Directory FSMO roles to a new server, these simple steps were easy to follow. Took about 5 minutes.
The Digicert cert utility for Windows make the process so much easier:
To generate the CSR:
To install the Cert:
For LDAPS on a domain controller, I did not have to import the cert file into the AD DS personal store.