This section explains how to enable SSL communication between Access Gateway and Identity Server (channel 3 in Figure 20-1).
Click Devices > Access Gateways > Edit > [Name of Reverse Proxy].
Select Enable SSL with Embedded Service Provider and Enable SSL between Browser and Access Gateway.
In the Server Certificate line, click the Browse icon to select the Access Gateway certificate.
IMPORTANT: If the external certificate authority writes the DN in reverse order (the cn element comes first rather than last), you receive an error message that the subject name does not contain the cn of the device. You can ignore this warning if the order of the DN elements is the cause.
Click Auto-Import Embedded Service Provider Trusted Root.
This adds the trusted root of the Access Gateway certificate to the trusted root store of Identity Server.
Specify an Alias for the certificate.
On the Server Configuration page, click Reverse Proxy / Authentication.
In the Embedded Service Provider section, click Auto-Import Identity Server Configuration Trusted Root and follow the prompts.
This imports the trusted root certificate of Identity Server into the trusted root store of the embedded service provider.
Update Access Gateway and Identity Server on their respective pages.
To verify the trusted relationship between Identity Server and Access Gateway:
Enter the URL to a protected resource on Access Gateway.
Complete one of the following:
If you are prompted for login credentials, enter them. The trusted relationship has been reestablished.
If you receive a 100101043 or 100101044 error, the trusted relationship has not been established.
For information about solving this problem, see Section 33.3.2, Troubleshooting 100101043 and 100101044 Liberty Metadata Load Errors.
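The IMPORTANT note in the configuration steps says the subject-name warning can be ignored only when DN element order is the cause. The following added example (not part of the product or its documentation) shows one way to confirm that before dismissing the warning: it parses a subject DN string and reports whether the cn is absent, names a different host, or matches but is simply not the last element. The function names, the result labels, and the assumption that "the cn of the device" is the published DNS name of the reverse proxy are all assumptions of this example; `ag.example.com` is a placeholder.

```python
import re

def split_unescaped(text, seps):
    """Split on any char in seps, leaving backslash-escaped separators alone."""
    return re.findall(r"(?:\\.|[^\\%s])+" % re.escape(seps), text)

def _unescape(match):
    tok = match.group(1)              # two hex digits or one literal char
    return chr(int(tok, 16)) if len(tok) == 2 else tok

def parse_dn(dn):
    """Return [(attribute, value), ...] in the order written in the DN."""
    pairs = []
    for rdn in split_unescaped(dn, ",;"):
        for ava in split_unescaped(rdn, "+"):      # multi-valued RDN
            if "=" in ava:
                attr, value = ava.split("=", 1)
                value = re.sub(r"\\([0-9A-Fa-f]{2}|.)", _unescape, value.strip())
                pairs.append((attr.strip().lower(), value))
    return pairs

def classify_cn_warning(subject_dn, device_dns_name):
    """Say whether a 'subject name does not contain the cn' warning is order-only."""
    pairs = parse_dn(subject_dn)
    cns = [v.lower() for a, v in pairs if a == "cn"]
    if not cns:
        return "no-cn"            # genuine problem: subject has no cn
    if device_dns_name.lower() not in cns:
        return "cn-mismatch"      # genuine problem: cn names another host
    if pairs[-1][0] == "cn":
        return "cn-last"          # cn is the last element, as the note expects
    return "order-only"           # cn matches but is not last: the ignorable case

if __name__ == "__main__":
    # Constructed sample subjects (assumption: device is ag.example.com).
    for dn in ("cn=ag.example.com,ou=IT,o=Example",
               "o=Example,ou=IT,cn=ag.example.com",
               "cn=other.example.com,o=Example"):
        print(dn, "->", classify_cn_warning(dn, "ag.example.com"))
```

Only the `order-only` result corresponds to the situation the note describes; `no-cn` and `cn-mismatch` mean the wrong certificate was selected and the warning should not be dismissed.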