You can select Access Gateway certificates on two pages in Administration Console:
Devices > Access Gateways > Edit > [Name of Reverse Proxy]
Devices > Access Gateways > Edit > [Name of Reverse Proxy] > [Name of Proxy Service] > Web Servers
Configuring certificates on these pages consists of two phases to push the certificates into active use.
Phase 1: When you select a certificate on one of these pages and click OK, the certificate is placed in the keystore on Administration Console and it is pushed to Access Gateway. The certificate is available for use, but it is not used until you update Access Gateway.
Phase 2: When you select to update Access Gateway, the configuration for Access Gateway is modified to contain references to the new certificate and the configuration change is sent to Access Gateway. Access Gateway loads and uses the new certificate.
IMPORTANT:The certificate associated with the NAM-RP Reverse Proxy is available for use for Identity Server. When you select the certificate, it is pushed to Access Gateway and the Identity Server. Along with updating the Access Gateway, Identity Server should also be updated.