OIM App Server Session token certificate

Could you share the version of OneIM you are using?

The answer in general is yes, but the how-to donut depends on  it. 

and one more question: need to use  company CA certificate or self-signed certificate that  was generated in one of app srv? What information should be write in field Subject?

and one more question: need to use  company CA certificate or self-signed certificate that  was generated in one of app srv? What information should be write in field Subject?