Open your Server Manager and go to Remote Desktop Services.
Click on Tasks, Edit Deployment Properties.
If any of these are expired, I am going to show you how to get them up to date.
Now we need to get into the certificate store. If you haven't already created an MMC for your certificates, it's a good idea to do that now. Otherwise you can go to Run and type certlm.msc and hit enter.
Otherwise, start a new MMC (Start ---> Type MMC) or add it to your existing one.
File, Add/Remove Snap In
Highlight Certificates and click Add.
Next I chose Computer Account
Now hit Finish and OK.
Expand Personal, select Certificates.
Right-click the certificate you would like to use, choose All Tasks, Export.
Choose Yes, export the private key. Click Next.
You can leave this as is. Click Next.
This next step is up to you. You can protect it with your own unique password or choose Group or user names and assuming you're logged in, it should populate your username below.
By default it wants to save your newly created certificate to System32. I elected to click Browse, created a new folder on the C:\ drive and put my newly created PFX file in there.
Once that's all done. You can now go back to the Deployment Properties window that we had open earlier. Highlight the Role Service with the expired status and click Select existing certificate...
Click Choose a different certificate and Browse for the one we just exported earlier.
Select Allow the certificate to be added to the Trusted Root Certificate Authorities certificate store on the destination computers and click OK
Now it should say Ready to apply and click Apply. These all have to be done one at a time. If you did everything correctly, the Status should change to OK.
Click OK and you're done.