By default, all Access Manager components (Identity Server, Access Gateway, SSL VPN, and J2EE agents) trust the certificates signed by the local CA. However, if the Identity Server is configured to use an SSL certificate signed externally, the trusted store of the service provider for each component must be configured to trust this new CA. Import the public certificate of the CA into the following trust stores:
For an Access Gateway, click > > > .
For a J2EE agent, click > > .
For an SSL VPN server, click > > > .

If an Access Gateway, a J2EE agent, or an SSL VPN server is configured to use an SSL certificate signed externally, the trusted store of the Identity Server must be configured to trust this new CA. Import the public certificate of the CA into the Identity Server configuration that the component is using for authentication.
In the Administration Console, click > > > and add the certificate to the Trusted Roots list.

NOTE: Whenever you replace certificates on a device, you must update the Identity Server configuration (by clicking on the Servers page), or restart the Access Gateway ESP application.