Hi,
The VRMS certificate is in /opt/vmware/hms/security/hms-keystore.jks. You can export it in DER format using the following command:
keytool -exportcert -file /tmp/hms.crt -keystore /opt/vmware/hms/security/hms-keystore.jks -alias jetty
You don't need a password for the export of the certificate (hit Enter when keytool asks for a password during the export).
You might want to import CA certificate for the VRMS certificate (the VRMS certificate itself, if self-signed) in the machine at which the SRM server and the machine(s) at which the SRM C# client UI plugin is installed. The default VRMS certificate, generated from the VAMI UI, does not have subject alternative name pointing to the appliance IP address or FQDN. Also the common name of the Subject field is also neither the IP address, nor FQDN. If you want to have full validation of certificates (not only by thumbprint value), you would probably want to generate the certificates yourself and use a common CA, not self-signed certificates.
Regards,
Martin