When Identity Server is configured to use an SSL certificate that is signed externally, the trusted store of the embedded service provider for each component must be configured to trust this new CA. Browsers that are used to authenticate to Identity Server must be configured to trust the CA that created the certificate for Identity Server. Most browsers are already configured to trust certificates from well-known CAs.
To use certificates signed by an external CA, perform the following activities:
Obtain externally signed certificates.
For more information, see Obtaining Externally Signed Certificates
in the NetIQ Access Manager Appliance 4.2 Administration Guide.
Configure Access Gateway to use externally signed certificates.
For more information, see Configuring the Access Gateway to Use an Externally Signed Certificate
in the NetIQ Access Manager Appliance 4.2 Administration Guide.