The certificate that ships with the on-premises is intended to serve as a temporary placeholder certificate.  This certificate is not trusted by any browsers as it has not been signed by a trusted certificate authority.  It should be replaced by a certificate that is trusted by your organization or provided by a third party certificate authority.

Please see the following article for steps to generate a signing request:

https://knowledge.broadcom.com/external/article?articleId=4090 

We understand, however, that due to financial constraints or internal resources it is not always possible to acquire a trusted certificate.  Because of this, you can find a new certificate attached to this case.  Please download that and follow the instructions here:
https://docs.ca.com/en-us/ca-agile-central/saas/ssl-premises#install