Hi @lefoudu1010, actually you can use any certificate. Do you have a CA inside your organization? If yes, you can simply generate a CSR (with multiple hostnames if necessary) on your OCSServer machine and issue it from your CA; I believe that this is the best practice.
If you haven't, you can just issue a self-signed certificate, copy the .CER file and rename it to cacert.pem; this file must be set on your agents, and use the parameter /SSL=1.
Also, in your agent definitions you must use exactly the same hostname or FQDN that the certificate was issued for.
I hope this helps.
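
The CSR step and the hostname rule from the reply above, as an added example that is not part of the original post: it builds a CSR carrying several hostnames with `openssl`, then checks whether the name an agent will use is actually listed. The function names, file names and hostnames are assumptions made up for the example.

```shell
#!/bin/sh
# Added example: hostnames and file names below are constructed placeholders.

# make_csr OUTDIR NAME [NAME...]
# Writes OUTDIR/server.key and OUTDIR/server.csr. The first NAME becomes the CN
# and every NAME is listed as a DNS subjectAltName entry.
make_csr() {
    outdir=$1; shift
    cn=$1
    cnf="$outdir/req.cnf"
    mkdir -p "$outdir"
    {
        printf '[req]\ndistinguished_name = dn\nreq_extensions = ext\nprompt = no\n'
        printf '[dn]\nCN = %s\n' "$cn"
        printf '[ext]\nsubjectAltName = @alt\n[alt]\n'
        i=1
        for name in "$@"; do
            printf 'DNS.%d = %s\n' "$i" "$name"
            i=$((i + 1))
        done
    } > "$cnf"
    # Private key is created readable by the owner only.
    (umask 077; openssl genrsa -out "$outdir/server.key" 2048 2>/dev/null)
    openssl req -new -key "$outdir/server.key" -out "$outdir/server.csr" -config "$cnf"
}

# csr_names CSR: print one DNS name per line from the CSR's subjectAltName.
csr_names() {
    openssl req -in "$1" -noout -text |
        grep -o 'DNS:[^,[:space:]]*' | cut -d: -f2
}

# csr_has_name CSR HOST: succeed only if HOST is exactly one of the listed names.
csr_has_name() {
    csr_names "$1" | grep -Fqx -- "$2"
}
```

Running `make_csr ./ocs-tls ocs.example.internal ocs` and then `csr_has_name ./ocs-tls/server.csr <name used by the agent>` before sending the CSR to the CA catches a hostname mismatch before any agent is configured.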