14.3 Configuring SSL for Authentication between the Identity Server and Access Manager Components

By default, all Access Manager components (Identity Server and Access Gateway) trust the certificates signed by the local CA. However, if the Identity Server is configured to use an SSL certificate signed externally, the trust store of the service provider for the Access Gateway must be configured to trust this new CA. Import the public certificate of the CA into the following trust store:

For an Access Gateway, click Devices > Access Gateways > Edit > Service Provider Certificates > Trusted Roots.

If an Access Gateway is configured to use an SSL certificate signed externally, the trust store of the Identity Server must be configured to trust this new CA. Import the public certificate of the CA into the Identity Server configuration that the component is using for authentication.

In the Administration Console, click Devices > Identity Servers > Edit > Security > NIDP Trust Store and add the certificate to the Trusted Roots list.

NOTE: Whenever you replace certificates on a device, you must update the Identity Server configuration (by clicking Update Servers on the Servers page), or restart the Embedded Service Provider.
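
Before importing an external CA certificate into either trust store, it helps to confirm that the file you hold actually issued the device's SSL certificate. The following is an added example, not part of the product documentation; it uses the openssl command line, and the file names, subject names, and demo certificates are constructed for illustration.

```shell
#!/bin/sh
# Added example. File names and subject names are constructed for the demo.

# ca_signs_cert CA_PEM CERT_PEM
# Exit 0 only if CERT_PEM verifies against CA_PEM. openssl may also consult
# its default CA directory, so a publicly trusted certificate can verify
# even when CA_PEM is the wrong file; check the summary below as well.
ca_signs_cert() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# ca_summary CA_PEM
# Print subject, expiry and SHA-256 fingerprint to compare with the entry
# shown in the trust store after the import.
ca_summary() {
    openssl x509 -in "$1" -noout -subject -enddate -fingerprint -sha256
}

# make_demo_pki DIR
# Build a throwaway external CA (ca.pem), a device certificate it signs
# (idp.pem), and an unrelated CA (other.pem) to show the failing case.
make_demo_pki() {
    (
        cd "$1" &&
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Constructed External CA" \
            -keyout ca.key -out ca.pem 2>/dev/null &&
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Constructed Unrelated CA" \
            -keyout other.key -out other.pem 2>/dev/null &&
        openssl req -newkey rsa:2048 -nodes \
            -subj "/CN=idp.example.test" \
            -keyout idp.key -out idp.csr 2>/dev/null &&
        openssl x509 -req -in idp.csr -days 1 \
            -CA ca.pem -CAkey ca.key -CAcreateserial \
            -out idp.pem 2>/dev/null
    )
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
for ca in ca.pem other.pem; do
    if ca_signs_cert "$demo_dir/$ca" "$demo_dir/idp.pem"; then
        echo "$ca: issued idp.pem, this is the CA to import"
        ca_summary "$demo_dir/$ca"
    else
        echo "$ca: did not issue idp.pem, wrong CA for this certificate"
    fi
done
```

In practice, replace the demo files with the CA certificate you received and the certificate exported from the Identity Server or Access Gateway.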