The management center should not be restarting the broker. I imagine what is happening is that the broker is kicking off the management center client.
When you make changes to a client, group, or role, any devices that are connected that are affected by those changes will be disconnected from the broker - when they reconnect they will have the correct authorisations applied.
For example, if you add a new ACL to a role, all of the clients using that role, either directly or through a group, will be kicked. If you add/remove a role from a client or group, add/remove a client from a group, or add/remove a role from a client or group the same is true.
I would recommend keeping a client/group specifically for administering the management centre clients, then you won’t be disturbed by your client being disconnected when you are making unrelated changes.
For configuring SSL you have to do that at the broker directly, it’s not yet possible through the management center. You should use a listener section like this:
certfile <path to your PEM encoded x509 certificate with intermediates>
keyfile <path to your PEM encoded private key>
I hope that helps.