Access Gateway can be configured to use certificates for SSL communication with three types of entities:
Identity Server: Access Gateway uses the Embedded Service Provider to communicate with Identity Server. The Access Manager CA automatically generates the required certificates for secure communication when you set up a trusted relationship with Identity Server. To manage these certificates in Administration Console, click Access Gateways > [Configuration Link] > Service Provider Certificates. For more information, see Section 17.3.1, Managing Embedded Service Provider Certificates.
Client browsers: You can enable SSL communication between the client browsers and Access Gateway. When setting up this feature, you can either have the Access Manager CA automatically generate a certificate key or you can select a certificate key you have already imported (or created) for the reverse proxy. To manage this certificate in Administration Console, click Access Gateways > [Configuration Link] > [Name of Reverse Proxy]. For more information, see Section 2.6.3, Managing Reverse Proxies and Authentication.
Protected Web Servers: You can enable SSL communication between Access Gateway and the web servers it is protecting. This option is only available if you have enabled SSL communication between the browsers and Access Gateway. You can enable SSL or mutual SSL. To manage these certificates in Administration Console, click Access Gateways > [Configuration Link] > [Name of Reverse Proxy] > [Name of Proxy Service] > Web Servers. For more information, see Section 2.6.4, Configuring Web Servers of a Proxy Service.