Here is the premise for this post, based on a real-world scenario I encountered recently. I’m putting it here at the top so I won’t have to expand the post into a gazillion permutations for every imaginable scenario. Even if your setup differs, I think you’ll be able to adapt the workflow to it.
SQL Server is running on an Azure VM with a connection to the Internet.
Stand-alone SQL Server – no clustering, no availability groups.
SQL Server has its own service account.
No web server installed on the machine.
I don’t have an Enterprise CA.
I can’t/won’t install certificates on my clients’ computers and servers.
Daniel has done yeoman’s work with this. I highly recommend giving it a read.