You select Access Gateway certificates on two pages in Administration Console:
Devices > Access Gateways > Edit > [Name of Reverse Proxy]
Devices > Access Gateways > Edit > [Name of Reverse Proxy] > [Name of Proxy Service] > Web Servers
When you configure certificates on these pages, you need to be aware that two phases are used to push the certificates into active use.
Phase 1: When you select a certificate on one of these pages, then click OK, the certificate is placed in the keystore on Administration Console and it is pushed to Access Gateway. The certificate is available for use, but it is not used until you update Access Gateway.
Phase 2: When you select to update Access Gateway, the configuration for Access Gateway is modified to contain references to the new certificate and the configuration change is sent to Access Gateway. Access Gateway loads and uses the new certificate.