Your security deployment plan should contain policies for the following:
Key size for certificates: Access Manager ships with a CA that can create certificates with a key size of 512, 1024, 2048, or 4096. Select the maximum size supported by the applications that you are protecting with Access Manager.
Certificate renewal dates: Ensure that you renew certificates before it gets expired. Your security needs might allow for a longer or shorter period.
Trusted certificate authorities: Access Manager ships with a CA, and during installation of the various components, it creates and distributes certificates. For added security, you might want to replace these certificates with certificates from a well-known CA.
NOTE:Access Manager supports SHA-256 and SHA-512 as a signing algorithm.
For more information about how to import certificates, see Section 16.5, Importing a Signed Certificate.