Let's walk through creating a standard Build VM
Step 8 - Configure certificates
Initial documentation on this topic can be found here. This portion of the install really needs to be broken into 3 sections. First, check out the certificate section on my ConfigTemplate.xml deep dive article for some guidance on certificate usage and configurations.
I have created certs on my own
Great. We just need to copy them into the VMs\<VMName> directory for each node folder in the VMs directory and add the thumbprints to your ConfigTemplate.xml. You can skip everything else listed in this step.
I am creating my first cluster
You can follow most of the instructions from MS on this. You will want your value for generateSelfSignedCert in your configTemplate.xml to true for the certificate name of OnPremLocalAgent. This will create all certs required to continue with the install. Related to step 5, I typically export the certs from the root directory, which will put them in ..\Certs then you can copy + paste that directory into each VM.
I am creating another cluster after creating my first
Very similar to the last step except you will want your value for generateSelfSignedCert in your configTemplate.xml to false for the certificate name of OnPremLocalAgent. Update your ConfigTemplate.xml file with the thumbprint for the OnPremLocalAgent certificate generated from the first cluster and paste the exported cert into each VM directory.