By default, all Access Manager components (Identity Server and Access Gateway) trust the certificates signed by the local CA. We recommend that you configure Identity Server to use an SSL certificate signed externally, and that you configure the trusted store of the Embedded Service Provider for each component to trust this new CA. See Section 18.0, Assigning Certificates to Access Manager Devices.
Be aware of the following options that can increase security: