The Identity Server must be configured to trust the CA that created the SSL key pair certificate of your application server. The public key of this CA needs to be added to the NIDP Trust Store of the Identity Server. For instructions, select the NIDP Trust Store, and specify the IP address and port of your application server.
The Embedded Service Provider of the agent, which the agent uses for communication with the Identity Server, must be configured to trust the CA that generated the certificate for the Identity Server. If you configured the Identity Server to use a certificate generated by a CA other than the Access Manager CA, you must add the public certificate of this CA to the trusted roots store of the Embedded Service Provider. See Section 5.2, Managing Embedded Service Provider Certificates.