By default, all Access Manager components (Identity Server and Access Gateway) trust the certificates signed by the local CA. However, if Identity Server is configured to use an SSL certificate signed externally, the trusted store of the service provider for Access Gateway must be configured to trust this new CA. Import the public certificate of the CA into the following trust store:
For Access Gateway, click Devices > Access Gateways > Edit > Service Provider Certificates > Trusted Roots.
If an Access Gateway is configured to use an SSL certificate signed externally, the trusted store of Identity Server must be configured to trust this new CA. Import the public certificate of the CA into Identity Server configuration that the component is using for authentication.
Click Devices >Identity Servers > Edit > Security > NIDP Trust Store and add the certificate to the Trusted Roots list.
NOTE:Whenever you replace certificates on a device, you must update Identity Server configuration (by clicking Update Servers on the Servers page), or restart Embedded Service Provider.