i will first mention that using the same certificate everywhere is a bad bad practice. if a device get compromised and the certificate stolen - first you won't know where it laked from. second you will not be able to revoke it until it changed everywhere, and last, in order to replace it you sometime need to trust this very same stolen certificate, how would you know that you providing your credentials on secure channel ?
The OCUM manual specifically state: " The file that you upload and install must be a signed version of the existing self-signed certificate"
the certificate is saved in at least two java key stores. there's a few batch files in the programfiles folder to import certs to the various Jave keystores that the app using.
just make sure you take snapshot of the VM and DB copy before you play with it. as some of the certificates use for internal process to talk to each other and you might break them and prevent services from starting,
i suspect some of these BAT files are also not recently updated and can maybe break some components in the app that changed in the last few years. i'm pretty sure that it's also completely unsupported to use them.