Customizing Certificate Errors

When certificate validation fails, the browser displays a standard Page expired error. If you want Identity Server to display an Access Manager error instead of the usual error messages provided by the browser, edit the server.xml file by performing the following steps:

  1. Open Identity Server’s server.xml file and search for the clientAuth attribute.

    For information about how to open and modify a file, see Modifying Configurations.

  2. Modify the value of the clientAuth attribute from the default value of false to want.

    NOTE: If you use clientAuth="want" in a connector, ensure that the connector contains protocol="org.apache.coyote.http11.Http11NioProtocol".

  3. Export the certificate of the user and the server from Administration Console by using the Security > Certificates option.

    To avoid the untrusted certificate messages in browsers, import the trusted root certificate of the CA into your browsers. See Resolving Certificate Import Issues.
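
A check for steps 1 and 2 and the note in step 2, as an added example that is not part of the original documentation: it parses a server.xml and reports, for each connector that sets clientAuth, whether the value is want and whether the required protocol is present. The embedded XML is a constructed sample; the ports and every attribute other than clientAuth and protocol are assumptions.

```python
import xml.etree.ElementTree as ET

NIO = "org.apache.coyote.http11.Http11NioProtocol"

# Constructed sample, not a real Identity Server file: the ports and the
# attributes other than clientAuth and protocol are illustrative.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false"
               protocol="org.apache.coyote.http11.Http11NioProtocol"/>
    <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="want" protocol="HTTP/1.1"/>
    <Connector port="10443" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="want"
               protocol="org.apache.coyote.http11.Http11NioProtocol"/>
  </Service>
</Server>"""


def check_connectors(xml_text):
    """Return one (port, status) tuple per Connector that sets clientAuth."""
    results = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        client_auth = conn.get("clientAuth")
        if client_auth is None:
            continue  # connector does not configure client certificates
        port = conn.get("port", "?")
        if client_auth != "want":
            # Still at the default (or another value): step 2 not applied.
            status = "clientAuth=%s (step 2 not applied)" % client_auth
        elif conn.get("protocol") != NIO:
            # The NOTE in step 2: want requires the NIO protocol class.
            status = "clientAuth=want but protocol is not Http11NioProtocol"
        else:
            status = "ok"
        results.append((port, status))
    return results


if __name__ == "__main__":
    for port, status in check_connectors(SAMPLE_SERVER_XML):
        print("connector %s: %s" % (port, status))
```

To run it against a real file, pass the file's contents to check_connectors() in place of the sample string.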