When the VMware Identity Manager appliance is installed, a default SSL server certificate is automatically generated. You can use this self-signed certificate for general testing of your implementation. VMware strongly recommends that you obtain and install SSL certificates signed by a public Certificate Authority (CA) in your production environment.

A CA is a trusted entity that guarantees the identity of the certificate and its creator. When a certificate is signed by a trusted CA, users no longer receive messages asking them to verify the certificate.

You can install a signed CA certificate from the Appliance Settings > Manage Configuration > Install SSL Certificates > Server Certificates page.

If you deploy VMware Identity Manager with the self-signed SSL certificate, the root CA certificate must be available as a trusted CA for any client who accesses the VMware Identity Manager service. The clients can include end user machines, load balancers, proxies, and so on. You can download the root CA from the Install SSL Certificates > Server Certificates page.