By default, all Access Manager components (Identity Server and Access Gateway) trust the certificates signed by the local CA. We recommend that you configure Identity Server to use an SSL certificate signed externally, and that you configure the trusted store of the Embedded Service Provider for each component to trust this new CA. See Section 19.0, Assigning Certificates to Access Manager Devices.