To change an SSL certificate, you can generate a new keystore file. You can generate the new keystore in the Orchestrator Appliance machine.
To generate the new certificate, you must use the Java keytool utility. You can find the utility in the system Orchestrator Appliance virtual machine.
You can create a signing request and submit the certificate to a Certificate Authority. You can then import the signed certificate into your local keystore.
You can also change the Web views SSL certificate, the SSL certificate for the Orchestrator configuration interface, or the SSL certificate for the Orchestrator client with the certificate you generated.