15.4 Configuring SSL Communication with Browsers and the Identity Server

  1. In Administration Console Dashboard, click Devices > Identity Servers > Edit.

  2. Change Protocol to HTTPS (the system changes the port to 8443).

  3. In the SSL Certificate line, click the Browse icon > Replace and select the Identity Server certificate.

  4. Restart Tomcat.

    If your Identity Server and Administration Console are on the same machine, log in to Administration Console again.

  5. After the Identity Server health turns green, go to Access Gateway > Edit > Service Provider Certificates > Trusted Roots.

  6. Click Add to select the trusted root certificate of the certificate authority that signed the Identity Server certificate.

    (Conditional) If you imported intermediate certificates for the CA, select them also.

    IMPORTANT: If the external certificate authority writes the DN in reverse order (the cn element is displayed first), you receive an error message that the certificate names do not match. You can ignore this warning if the order of the DN elements is the cause.

  7. Update Access Gateway.
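
Before ignoring the name-mismatch warning described in step 6, you can confirm that element order really is the only difference between the two DNs. The following is an added example, not part of the product or its documentation: the function names are hypothetical, the sample DNs are constructed, and it assumes comma-separated DN strings with single-valued RDNs.

```python
import re

def normalize_dn(dn: str) -> tuple:
    """Split a comma-separated DN into ordered (attribute, value) pairs."""
    rdns = []
    # Split only on commas that are not backslash-escaped inside a value.
    for part in re.split(r"(?<!\\),", dn.strip()):
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        # Attribute types are case-insensitive; values are compared
        # case-insensitively with runs of whitespace collapsed.
        rdns.append((attr.strip().lower(), " ".join(value.split()).casefold()))
    return tuple(rdns)

def classify_dn_mismatch(expected: str, presented: str) -> str:
    """Return 'match', 'reversed-order' or 'different' for two DN strings."""
    a, b = normalize_dn(expected), normalize_dn(presented)
    if a == b:
        return "match"
    if a == tuple(reversed(b)):
        # Same elements, written cn-first instead of cn-last (or vice versa):
        # the case in which the warning can be ignored.
        return "reversed-order"
    # Any other difference (changed value, extra or missing element,
    # shuffled order) is a real mismatch and needs investigation.
    return "different"

if __name__ == "__main__":
    # Constructed sample DNs, not taken from a real certificate.
    configured = "C=US,O=Example\\, Inc.,OU=IT,CN=idp.example.com"
    samples = [
        "CN=idp.example.com,OU=IT,O=Example\\, Inc.,C=US",   # cn first
        "CN=idp.example.net,OU=IT,O=Example\\, Inc.,C=US",   # different host
    ]
    for presented in samples:
        print(classify_dn_mismatch(configured, presented), "<-", presented)
```

Only a "reversed-order" result corresponds to the condition under which the warning can be ignored; a "different" result means the names do not match for some other reason.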