10.0 Creating Certificates

Access Manager Appliance comes with certificates for testing purposes. At a minimum, you must create one SSL certificate for Identity Server and Access Gateway reverse proxy (NAM-RP). You then replace the predefined certificates with the new ones.

If you install a secondary Administration Console, the certificate authority (CA) is installed with the first instance of eDirectory, and the secondary consoles have eDirectory replicas and therefore no CA software. All certificate management must be done from the primary Administration Console. Certificate management commands issued from a secondary Administration Console can work only if the primary console is also running properly. Other commands can work independently of the primary console.

IMPORTANT: Before generating any certificates with the Administration Console CA, ensure that time is synchronized within one minute among all of your Access Manager Appliance devices. If the time of the Administration Console is ahead of the device for which you are creating the certificate, the device rejects the certificate.
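The following pre-flight check is an added example, not part of the product or its documentation. It assumes the rejection described above is the standard X.509 "not yet valid" check on the certificate's notBefore date, reads that date from the output of `openssl x509 -noout -dates`, and compares it with clock readings you have collected from each device. The device names and clock values are constructed.

```python
import ssl

MAX_SKEW_SECONDS = 60  # "within one minute", as required by the note above

# Constructed sample: output of `openssl x509 -noout -dates -in newcert.pem`
SAMPLE_DATES = ("notBefore=Mar  4 12:00:30 2024 GMT\n"
                "notAfter=Mar  4 12:00:30 2026 GMT\n")


def parse_not_before(openssl_dates):
    """Return notBefore as epoch seconds (UTC) from `openssl x509 -dates` output."""
    for line in openssl_dates.splitlines():
        key, _, value = line.strip().partition("=")
        if key == "notBefore":
            return ssl.cert_time_to_seconds(value)
    raise ValueError("no notBefore line found")


def preflight(console_epoch, device_epochs, not_before=None):
    """Classify each device clock against the Administration Console clock.

    not_before defaults to the console time, that is, a certificate issued now.
    Returns {device: (skew_seconds, status)}; negative skew means the device
    clock is behind the console.
    """
    if not_before is None:
        not_before = console_epoch
    report = {}
    for name, epoch in device_epochs.items():
        skew = epoch - console_epoch
        if epoch < not_before:
            status = "REJECT"  # device sees a certificate that is not yet valid
        elif abs(skew) > MAX_SKEW_SECONDS:
            status = "WARN"    # usable now, but outside the one-minute window
        else:
            status = "OK"
        report[name] = (skew, status)
    return report


if __name__ == "__main__":
    issued = parse_not_before(SAMPLE_DATES)
    # Hypothetical device names with constructed clock readings (epoch seconds).
    clocks = {"idp-1": issued + 5, "nam-rp-1": issued - 20, "ag-2": issued + 90}
    for device, (skew, status) in preflight(issued, clocks, issued).items():
        print(f"{device:10s} skew={skew:+4d}s  {status}")
```

A device reported as REJECT needs its clock corrected before the certificate is pushed to it; WARN devices should be resynchronized before the next certificate operation.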

  1. In the Administration Console, click Security > Certificates.

  2. Select from the following actions:

    New: To create a new certificate, click New. For information about the fields you need to fill in, see Section 10.1, Creating a Locally Signed Certificate and Section 10.4, Generating a Certificate Signing Request.

    Delete: To delete a certificate, select the certificate, then click Delete. If the certificate is assigned to a keystore, a warning message appears. You must remove a certificate from all keystores before it can be deleted.

    Import Private/Public Keypair: To import a key pair, click Import Private/Public Keypair. For more information, see Section 11.5, Importing a Private/Public Key Pair.