When following the documented instructions (see link below), the CA Identity Manager Virtual Appliance (vApp) does not import a self-signed certificate correctly. The certificate is either ignored or it stops the WildFly server from starting.
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-suite/14-4/virtual-appliance/administering-virtual-appliance.html#concept.dita_484b93c7f06198e8b27adcc2537229358eb17777_WildflyHTTPSListenerandSSLCertificates
Are there any additional steps required to replace the out-of-the-box (OOTB) certificates with self-signed certificates?
Release: 14.4, 14.4.1
Component: IdentityMinder (Identity Manager)
The correct process to replace the WildFly certificates is as follows:
1. When you generate the self-signed certificate, you must export it with the private key in PKCS12 format. Set the password to "changeit". Unfortunately, this is hard-coded in IM and cannot be changed.
2. Stop IM.
3. Remove the existing caim-srv from
/opt/CA/VirtualAppliance/custom/wildfly-ssl-certificates/
4. Copy your self-signed certificate into the above folder as caim-srv.
5. Restart IM.
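The certificate file for steps 1 and 4 can be built and checked before it is copied into place. The following is an added example, not part of the original article or of Broadcom's tooling: it uses the standard `openssl` command line, and the function names, the intermediate `server.key`/`server.crt` file names and the working directory are assumptions. Stopping and restarting IM is not covered.

```sh
#!/bin/sh
# Added example: build and pre-check the PKCS12 file for steps 1 and 4.
# The hostname and working directory passed in are the caller's own values.

P12_PASS="changeit"   # the fixed password the article says IM expects

# Create a self-signed certificate and export it, with its private key,
# as a PKCS12 file named caim-srv in directory $2.
build_caim_srv() {
    _cn="$1"; _dir="$2"
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=${_cn}" \
        -keyout "${_dir}/server.key" -out "${_dir}/server.crt" \
        2>/dev/null || return 1
    openssl pkcs12 -export -inkey "${_dir}/server.key" \
        -in "${_dir}/server.crt" -out "${_dir}/caim-srv" \
        -passout "pass:${P12_PASS}" || return 1
    chmod 600 "${_dir}/server.key" "${_dir}/caim-srv"
}

# Return 0 only if the file opens with "changeit" and holds both a
# private key and a certificate; 1 = unreadable, 2 = no key, 3 = no cert.
check_caim_srv() {
    _dump=$(openssl pkcs12 -in "$1" -passin "pass:${P12_PASS}" -nodes \
        2>/dev/null) || {
        echo "FAIL: not PKCS12, or password is not ${P12_PASS}" >&2
        return 1
    }
    printf '%s\n' "$_dump" | grep -q -e 'PRIVATE KEY-----' || {
        echo "FAIL: no private key in $1" >&2
        return 2
    }
    printf '%s\n' "$_dump" | grep -q -e '-----BEGIN CERTIFICATE-----' || {
        echo "FAIL: no certificate in $1" >&2
        return 3
    }
    echo "OK: $1 can be copied into place as caim-srv"
}
```

Run `check_caim_srv` on any existing file as well: a PEM certificate, a PKCS12 file exported without its key, or one protected with a different password all fail here before they reach the appliance. Because the password is fixed and known, the file permissions are the only protection for the private key, so remove the working copies once the file is in place.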
This procedure only changes the certificate used for the 8443 connection. In other words, if you are accessing IM directly (https://<myurl>:8443/iam/im/identityEnv), you will see the certificate that you just imported.
If you go via the Dashboard (which uses https://<myurl>:10443/iam/im/identityEnv), the default CA certificate is used. If you wish to replace the Virtual Appliance (vApp) Web UI SSL Certificate, refer to the documentation link below.
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-suite/14-4/virtual-appliance/administering-virtual-appliance.html#concept.dita_484b93c7f06198e8b27adcc2537229358eb17777_ReplacingVirtualApplianceWebUISSLCertificate