If you are going to set up SSL communication between Identity Server and Access Gateway for authentication and you have configured Identity Server to use certificates created by an external CA, you need to import the public certificate of this CA into the trusted root keystore of Access Gateway.
If you have not imported the public certificate of this CA into the trusted root store of Identity Server, do so now. For more information, see Section 17.1.1, Importing Public Key Certificates (Trusted Roots).
To add the public certificate to Access Gateway:
Click Devices > Access Gateways > Edit > Service Provider Certificates > Trusted Roots
In the Trusted Roots section, click Add.
Click the Select trusted root(s) icon, select the public certificate of the CA that signed Identity Server certificates, then click OK.
Specify an alias, then click OK twice.
To apply the changes, click Close, then click Update on the Access Manager Appliance page.