If you do not have an external CA and one is enabled within ADSS Server then the following steps enable you to create a new operator certificate using the Manage CAs of ADSS Server if licensed.
Create a Client Authentication Key by following this URL: Key Manager > Generating New Keys to create the key (allowing the option for key export)
Create a certificate for this new key by following this URL: Key Manager > Generating Certificates to create the certificate (self-signed certificates are NOT supported for operator certificates), export the certificate (*.cer) to enable it to be added as defined here: Adding an Operator
In Trust Manager ensure the option "CA for verifying TLS client certificates" is selected for the CA that issued this certificate.
Export the operator key and certificate as a .pfx or .p12 file and install it into your browser.
You will need to restart the ADSS Server Windows services or Unix Daemons if you have changed the Trust Manager settings.
Assuming you have been added as an operator with a suitable role and you can now login to the ADSS Server console by realunching the browser.