I've noticed that while deploying the UAG it will create a self-signed certificate and bind it to the REST/swagger UI. This happens regardless of if a certificate is provided during deployment. I'm doing a two nic deployment. The self-signed certificate will have the issuer and subject fields contain "OU = self-signed". The issued to, issued by and subject fields will have a "CN = ip address/DNS" of the external NIC.
We are not allowed to have any self-signed certificates in our environment and are in need a way to replace this certificate.