The HCX Manager and Connector Appliances can have their Hybridity UI certificates replaced for Custom SSL Certificates. To do so it is relatively straight forward.

Procedure.

You can use Openssl on the appliance or in my case on an Ubuntu machine to generate the CSR and private key.
First I create the conf file needed for the certificate. Depending on your use case you can add/remove the required fields that you need. I name this file hcx.conf

[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no

[req_distinguished_name]
C = SE
ST = Stockholm Lan
L = Stockholm
O = Terataki
OU = Cloud
CN = sto-hcx-01.terataki.local

[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1 = sto-hcx-01.terataki.local
DNS.2 = sto-hcx-01
IP.1 = 10.0.100.50

With the hcx.conf file I can use Openssl to generate the hcx.csr and hcx.key.

openssl req -newkey rsa:2048 -keyout hcx.key -out hcx.csr -config hcx.conf -nodes

I submit the CSR to my Certificate Authority and using the returned file I can cut and paste the contents, along with the contents of the hcx.key into the relevant fields in the HCX Appliance management (9443) interface. These are found under Administration > Server Certificate. Click Apply and wait for the message that the import was successful.

Click Apply and wait for the message that the import was successful.

You will now be able to refresh your browser and find that the HCX Hybridity UI is now showing a Valid Trusted Certificate,

Documentation

Managing CA and Self-Signed Certificates HCX