Thank you everyone for the information, I was able to get our certificate working for the WebUI after little troubleshooting.
That being said, there’s still the default self-signed certificates in the “BES WebUI\BES WebUI\cert” directory (auth_cert.crt and ca.crt). I assume these are used for communication back to the root server? Or is there any way we can get rid of these?