When following the documented instructions (see link below), the CA Identity Manager Virtual Appliance (vApp) will not import a self-signed certificate correctly.  It is either ignored or it stops the Wildfy server from starting.  

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-suite/14-4/virtual-appliance/administering-virtual-appliance.html#concept.dita_484b93c7f06198e8b27adcc2537229358eb17777_WildflyHTTPSListenerandSSLCertificates

Are there any additional steps required to replace the out-of-the-box (OOTB) certificates with self-signed certificates?

Release : 14.4, 14.4.1

Component : IdentityMinder(Identity Manager)

The correct process to replace the wildfly certificates is as follows:

1. When you generate the self-signed certificate you must export it with the private key in a pcks12 format.  Set the password to "changeit".  Unfortunately, this is hard-coded in IM and cannot be changed.

2. Stop IM

3. Remove the existing caim-srv from

/opt/CA/VirtualAppliance/custom/wildfly-ssl-certificates/

4. Copy your self-signed certificate into the above folder as caim-srv.

5. restart IM

This will only change the 8443 connection.  In other words, if you are accessing IM directly (https://<myurl>:8443/iam/im/identityEnv) you will see the certificate that you just imported.

If you go via the Dashboard, (this uses https://<myurl>:10443/iam/im/identityEnv) the default CA certificate is used.  If you wish to replace the Virtual Appliance (vApp) Web UI SSL Certificate, then please refer to the documentation link below.

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-suite/14-4/virtual-appliance/administering-virtual-appliance.html#concept.dita_484b93c7f06198e8b27adcc2537229358eb17777_ReplacingVirtualApplianceWebUISSLCertificate