You select Access Gateway certificates on two pages in the Administration Console:
Devices > Access Gateways > Edit > [Name of Reverse Proxy]
Devices > Access Gateways > Edit > [Name of Reverse Proxy] > [Name of Proxy Service] > Web Servers
When you configure certificates on these pages, you need to be aware that two phases are used to push the certificates into active use.
Phase 1: When you select a certificate on one of these pages, then click OK, the certificate is placed in the keystore on the Administration Console and it is pushed to the Access Gateway. The certificate is available for use, but it is not used until you update the Access Gateway.
Phase 2: When you select to update the Access Gateway, the configuration for the Access Gateway is modified to contain references to the new certificate and the configuration change is sent to the Access Gateway. The Access Gateway loads and uses the new certificate.
IMPORTANT:The certificate associated with the NAM-RP Reverse Proxy is available for use for Identity Server. When you select the certificate, it is pushed to Access Gateway and the Identity Server. Along with updating the Access Gateway, Identity Server should also be updated.