You can configure Access Gateway to use certificates for SSL communication with three types of entities:
Identity Server: Access Gateway uses ESP to communicate with Identity Server. The Access Manager CA automatically generates the required certificates for secure communication when you set up a trusted relationship with Identity Server. To manage these certificates in Administration Console, click Access Gateways > [Configuration Link] > Service Provider Certificates. For more information, see Managing Embedded Service Provider Certificates.
Client browsers: You can enable SSL communication between client browsers and Access Gateway. When setting up this feature, you can have the Access Manager CA automatically generate a certificate key or you can select a certificate key you have already imported (or created) for the reverse proxy. To manage this certificate in Administration Console, click Access Gateways > [Configuration Link] > [Name of Reverse Proxy]. For more information, see Managing Reverse Proxies and Authentication.
Protected Web Servers: You can enable SSL communication between Access Gateway and web servers it is protecting. This option is only available when you enable the SSL communication between browsers and Access Gateway. You can enable SSL or mutual SSL. To manage these certificates in Administration Console, click Access Gateways > [Configuration Link] > [Name of Reverse Proxy] > [Name of Proxy Service] > Web Servers. For more information, see Configuring Web Servers of a Proxy Service.