Your security deployment plan should contain policies for the following:
Key size for certificates: The Access Manager product ships with a CA that can create certificates with a key size of 2048, which is the maximum size supported by older software. For information about increasing the key size to 4096, see Section 24.8, Enabling 4096k Keys.
Certificate renewal dates: We recommend that certificates should be renewed every two years. Your security needs might allow for a longer or shorter period.
Trusted Certificate Authorities: The Access Manager ships with a CA, and during installation of the various components, it creates and distributes certificates. If this CA is not on your list of trusted CAs, you need to add certificates created by your trusted CAs. See Section 25.0, Assigning Certificates to Access Manager Devices.