Install XProtect PowerShell module to manage Mobile Server as reported in the video above:
Install-Module Posh-XProtectMobile
Follow this article: MileStone XProtect 2019 R2 – How to generated trusted certificate on how to get certificate via MyCertWeb and free top level domain from http://My.dot.tk
Once installed in the system, Powershell will help to configure the certificate automatically:
Get-Help Set-MobileServerCertificate -examples
Sets the sslcert binding for Milestone XProtect Mobile Server when provided with a certificate, an object with a Thumbprint property, or when the -Thumbprint parameter is explicitly provided. The Thumbprint must represent a publicly signed and trusted certificate located in Cert:\LocalMachine\My where the private key is present. Set-MobileServerCertificate [-X509Certificate ] [[-Thumbprint] ]
You can get X509 certificate object using this command:
PS C:\WINDOWS\system32> $MyCert = gci Cert:\LocalMachine\My | ? Subject -eq 'CN=my.domain.tk' PS C:\WINDOWS\system32> $MyCert Thumbprint Subject ---------- ------- <GUID> CN=my.domain.tk
Once you have verified the certificate is correct, you can push configuration to Mobile Server with this:
Set-MobileServerCertificate -X509Certificate $MyCert
Set-MobileServerCertificate -Thumbprint <GUID>
To remove certificate at IIS level and check IIS configuration, use these:
netsh http delete sslcert ipport=0.0.0.0:8082 netsh http show sslcert ipport=0.0.0.0:8082
Ing. Lele's Blog - HeadQuarter 
Pingback: Milestone XProtect and Tailscale VPN using SSL | Ing. Lele's Blog - HeadQuarter