The following document explains how to re-generate the Symantect Directory Manager server certificate on Linux:
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/directory/14-1/administrating/troubleshooting-ca-directory/creating-directory-manager-certificates-after-expiration.html#concept.dita_db7516a1-cc62-43ef-91dc-9c91309f6867_DirectoryManagerCACerts

Symantect Directory Manager installation also includes SCIM server.
SCIM client certificate expires at the same time as Directory Manager server certificate, but it is not explained how to re-generate it.

Please note that the above document explains how to generate SCIM client certificate on Windows, only the information for Linux installations is missing.

Please follow these steps to re-generate expired SCIM client certificate:

1. Re-generate Directory Manager server certificate as per this document:
   https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/directory/14-1/administrating/troubleshooting-ca-directory/creating-directory-manager-certificates-after-expiration.html#concept.dita_db7516a1-cc62-43ef-91dc-9c91309f6867_CA_Linux
2. Navigate to the install/openssl-ca  folder where the Directory Management installation package is extracted (same as in item 4 in the above document) and run the following command:
   ./generate_cert_key.sh
   Answer the questions as following (in red):
   
   

   $ ./generate_cert_key.sh
   Please provide a base name for your key and certificate files
   scimclientcert
   Are you requesting a certificate for your dxagent client (1) or for your dxagent server (2) ?
   1
   Please provide a password for the PKCS12 file
   <password>
   Generating a RSA private key
   ......+++++
   ..................................................+++++
   writing new private key to '/opt/CA/Directory/dxserver/media/linux_x86_64/management-ui/install/openssl-ca/out/scimclientcert.key'
   -----
   You are about to be asked to enter information that will be incorporated
   into your certificate request.
   What you are about to enter is what is called a Distinguished Name or a DN.
   There are quite a few fields but you can leave some blank
   For some fields there will be a default value,
   If you enter '.', the field will be left blank.
   -----
   Country Name (2 letter code) []:AU
   State or Province Name (full name) []:Victoria
   Organization Name (eg, company) []:CA Technologies
   Organizational Unit Name (eg, section) []:CA Directory
   Common Name (eg, your dxagent client name or your dxagent servers hostname) []:SCIM for <hostname>
   Using configuration from /opt/CA/Directory/dxserver/media/linux_x86_64/management-ui/install/openssl-ca/openssl-ca.cnf
   Check that the request matches the signature
   Signature ok
   The Subject's Distinguished Name is as follows
   countryName           :PRINTABLE:'AU'
   stateOrProvinceName   :ASN.1 12:'Victoria'
   organizationName      :ASN.1 12:'CA Technologies'
   organizationalUnitName:ASN.1 12:'CA Directory'
   commonName            :ASN.1 12:'SCIM for hostname'
   Certificate is to be certified until Sep  9 01:17:42 2023 GMT (365 days)

   Write out database with 1 new entries
   Data Base Updated
   Your certificate and key are stored in the PKCS12 file - /opt/CA/Directory/dxserver/media/linux_x86_64/management-ui/install/openssl-ca/out/scimclientcert.p12
   Your certificate is stored in file - /opt/CA/Directory/dxserver/media/linux_x86_64/management-ui/install/openssl-ca/out/scimclientcert.pem
   Your private key is stored in file - /opt/CA/Directory/dxserver/media/linux_x86_64/management-ui/install/openssl-ca/out/scimclientcert.key
   $

3. Copy the certificates and key files to the appropriate locations on the machine where Directory Manager resides.
   Overwrite the existing certificates and key files in the destination location with these certificates and key files: