You will need the new certificates in the following formats with the following exact names:
A non-encrypted OpenSSL key file 'localhost.key'
A matching OpenSSL X509 certificate in PEM format 'localhost.pem'
The UI SSL certs are located in /etc/mag2/ssl
1) Login to the appliance via SSH as user 'g2' then change to root 'sudo su -'
2) Move all of the files in "/etc/mag2/ssl" to another location
$ cd /etc/mag2/ssl
$ mkdir bluecoat-original
$ mv localhost.* bluecoat-original/
3) Place the new cert files (localhost.key and localhost.pem) in /etc/mag2/ssl
4) Restart web services
$ supervisorctl restart web-router:*
$ web-router-80: stopped
$ web-router-443: stopped
$ web-router-443: started
$ web-router-80: started
5) If web-router-443 does not start back up i.e. 'ERROR (abnormal termination)', that indicates that Apache could not load the certificate (probably incorrect format, wrong name, etc.).