7.3 Configuring SSL for Authentication between Identity Server and Access Gateway

This section explains how to enable SSL communication between Access Gateway and Identity Server (channel 3 in Figure 7-1, SSL Communication Channels).

  1. Click Devices > Access Gateways > Edit > [Name of Reverse Proxy].

  2. Select Enable SSL with Embedded Service Provider and Enable SSL between Browser and Access Gateway.

  3. In the Server Certificate line, click the Browse icon to select the Access Gateway certificate.

    IMPORTANT: If the external certificate authority writes the DN in reverse order (the cn element comes first rather than last), you receive an error message that the subject name does not contain the cn of the device. You can ignore this warning if the order of the DN elements is the cause.

  4. Click Auto-Import Embedded Service Provider Trusted Root.

    This adds the trusted root of the Access Gateway certificate to the trusted root store of Identity Server.

  5. Specify an Alias for the certificate.

  6. On the Server Configuration page, click Reverse Proxy / Authentication.

  7. In the Embedded Service Provider section, click Auto-Import Identity Server Configuration Trusted Root and follow the prompts.

    This imports the trusted root certificate of Identity Server into the trusted root store of the embedded service provider.

  8. Update Access Gateway and Identity Server on their respective pages.
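
The IMPORTANT note in step 3 allows the subject-name warning to be ignored only when DN element order is the cause. The following added example (not part of the product or its documentation) checks that condition for a subject DN string, so a certificate whose cn does not match the device is not waved through. The function names, the sample subjects and the device name ag1.example.com are assumptions made for illustration.

```python
import re

def split_rdns(dn):
    """Split a DN on commas, honouring backslash escapes and double quotes."""
    parts, buf, escaped, quoted = [], [], False, False
    for ch in dn:
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            parts.append("".join(buf).strip())
            buf = []
            continue
        buf.append(ch)
    parts.append("".join(buf).strip())
    return [p for p in parts if p]

def rdn_pairs(dn):
    """Return [(attribute type, value)] in the order the DN is written."""
    pairs = []
    for rdn in split_rdns(dn):
        attr, _, value = rdn.partition("=")
        value = re.sub(r"\\(.)", r"\1", value.strip().strip('"'))
        pairs.append((attr.strip().lower(), value))
    return pairs

def classify_subject(dn, device_cn):
    """cn-last/cn-first: cn matches, only position differs; else not an order issue."""
    pairs = rdn_pairs(dn)
    cn_values = [(i, v) for i, (t, v) in enumerate(pairs) if t == "cn"]
    if not cn_values:
        return "no-cn"
    # Assumption: the device name is compared case-insensitively, as a host name.
    hits = [i for i, v in cn_values if v.lower() == device_cn.lower()]
    if not hits:
        return "cn-mismatch"
    if hits[-1] == len(pairs) - 1:
        return "cn-last"
    return "cn-first" if hits[0] == 0 else "cn-middle"

# Constructed subjects; ag1.example.com is a placeholder device name.
SAMPLES = [
    "o=Example,ou=Gateways,cn=ag1.example.com",
    "cn=ag1.example.com,ou=Gateways,o=Example\\, Inc.",
    "cn=other.example.com,ou=Gateways,o=Example",
]
print([classify_subject(dn, "ag1.example.com") for dn in SAMPLES])
```

Only a cn-first result corresponds to the reverse-order case the note describes; cn-mismatch or no-cn means the warning has a different cause. Multi-valued RDNs (joined with +) are not split, so they are never reported as a match.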