1) Go to Background server
2) Open a command prompt on the Server and run the following command to generate a new PKI Certificate.
pdm_pki -p CASM_POLICY -f
3) Do a failover
4) Restart app server
5) Go to the standby server (which was the background and has the new pki file)
6) Copy the file to the each Catalog server and go to catalog UI go to Administration > Configuration > CA Service Desk > Enable PKI = Yes
7) In Hostname area set the hostname of each App server(s). If using load balancer then type here the load balancer URL.
8) Update the certificate in USS Server(s). See https://comm.support.ca.com/kb/Error-The-system-was-unable-to-log-you-in-Please-make-sure-the-provided-credentials-are-right/KB000005093