Our client is reporting Qualys observations regarding the use of self-signed certificates on ports 5443 and 8444 in Cloud Proxy and asking if it is possible to replace these certificates with new ones signed by the client's internal CA.

Please confirm if this is possible and what steps we should take.

Please see doc link below

Cloud Proxy

See section

(Optional) To use your own security certificate, access the application.yml file in the configuration folder. Configure these properties:
apm.server.useSelfSignedCert
Set the value as false.
apm.server.keyCertChainFile
Input a path to an X.509 certificate file using the PEM format.
apm.server.keyFile
Input a path to a PKCS#8 private key file using the PEM format. DX APM Supports only PKCS#8 format.