The help server explain how to replace the OOB certificates to put customer's certificates instead: https://docs.microfocus.com/itom/Service_Management_Automation_-_SM:2018.05/Replace-the-certificates-for-Service-Management-Automation_19894970
However, here are more detailed steps that will be helpful to fully achieve this
First of all, you have to get the costumer’s certificate as the documentation says. https://docs.microfocus.com/itom/Service_Management_Automation_-_SM:2018.05/Replace-the-certificates-for-Service-Management-Automation_19894970.
Steps for replacing the certificate:
1.- Replace the certificate for the suite:
• Extract and save a backup of the OOTB Nginx certificate and private key. Execute the following command:
kubectl get secret nginx-itsma-secret -n <your_itsma_deployment> -o yaml > nginx-itsma-secret_oob.yaml
• Set the server certificate and private key as base64. Copy the results of these commands in a notepad:
o base64 -w 0 <your_server_certificate>.crt > tls_base64.crt
o base64 -w 0 <your_private>.key > Private_Key_base64.crt
Note** Change the server certificate if it has 2/3 levels. You only need the first part of the server certificate (first begin-end section including begin and end headers).
• Change the Nginx certificate and private key.
o Execute: “kubectl edit secret nginx-itsma-secret -n <your_itsma_deployment> -o yaml”
ï§ Replace the “tls.crt” value for your new base64 server certificate value
ï§ Replace the “tls.key” value for your new base64 private key value
• Restart the itom-nginx-ingress-deployment pods.
• Check your service portal, propel admin and Service Manager web pages are secure.
2.- Replace the certificate for CDF:
• Backup your OOTB CDF Certificate
o Execute the following commands:
kubectl get secret nginx-default-secret -n core -o yaml> nginx-default-secret-oob.yaml
kubectl get secret itom-cdf-ingress-frontend-secret -n core -o yaml> itom-cdf-ingress-frontend-secret-oob.yaml
• Check your certificates and private key.
o Upload your server certificate, private key and root certificate in “/opt/kubernetes/scripts” path into the master node
o Upload and Replace the certCheck file (attached) in “/opt/kubernetes/scripts” into the master node. Do a backup from the existing one.
o Check your certificates executing:
./certCheck -ca ./test_root_2.crt -key ./tls.key -cert ./tls_bk.crt -host itserviceportal.com –debug
The result must be:
Note** If your root certificate have two begin-end sections. You have to remove the first one.
• You are ready to replace the certificates and private key from Administrator UI. https://<your_url>:5443. Go to Administration ï Certificates. Select your files and click on “Update”.
• Check you CDF Certificate closing and opening a new web browser for https://<your_url>:5443. It should be “secure”.