When the VMware Identity Manager appliance is installed, a default SSL server certificate is automatically generated. You can use this self-signed certificate for general testing of your implementation.

A CA is a trusted entity that guarantees the identity of the certificate and its creator. When a certificate is signed by a trusted CA, users no longer receive messages asking them to verify the certificate.

You can install a signed CA certificate from the Appliance Settings > Manage Configuration > Install SSL Certificates > Server Certificates page.

If you deploy VMware Identity Manager with the self-signed SSL certificate, the root CA certificate must be available as a trusted CA for any client who accesses the VMware Identity Manager service. The clients can include end-user machines, load balancers, proxies, and so on. You can download the root CA from the Install SSL Certificates > Server Certificates page.

When the VMware Identity Manager connector is installed, a default self-signed SSL certificate is generated. You can continue to use this self-signed certificate in most scenarios. You can install a signed SSL certificate for the connector from the connector admin pages at https://connectorFQDN:8443/cfg/login.