This is my first time running an External PSC and VCSA, as in the past I have just done the embedded configuration. My question is regarding certificates, and the only cert I'm concerned about is the machine_ssl cert. I want to replace that cert with a 3rd party one, and I wasn't sure if I need to replace both the machine_ssl certs on PSC and VCSA?
You do, yes, because logins to vCenter are redirected to the PSC to obtain a SAML token, so if you want full trust across a vCenter session you should do both. And wildcards aren't supported, just FYI.
I think the answer is obvious, but I'm assuming that is 2 separate certs since I'm generating them from 2 different appliances, correct? Not applying the same cert to both machines?
You will need to replace it in PSC and sync your vCenters with PSC. The article below may help you.
VMware Knowledge Base https://kb.vmware.com/s/article/2112277