Access Manager comes with certificates for testing purposes. The test certificates are called test-signing, test-encryption, test-provider, test-consumer, and test-connector. At a minimum, you must create two SSL certificates: one for Identity Server test-connector and one for Access Gateway reverse proxy. Then replace the predefined certificates with the new ones.
If you install a secondary Administration Console, the certificate authority (CA) is installed with the first instance of eDirectory. The secondary consoles have eDirectory replicas and therefore no CA software. All certificate management must be done from the primary Administration Console. Certificate management commands issued from a secondary Administration Console can work only if the primary console is running properly. Other commands can work independently of the primary console.
NOTE: After restarting Administration Console, the replaced certificate is not reflected on the secondary Administration Console. For more information about fixing the issue, see Section 33.5.11, Secondary Administration Console Does Not Reflect the Replaced Certificate.
IMPORTANT: Before generating any certificates with Administration Console CA, ensure that time is synchronized within one minute among all of your Access Manager devices. If the time of Administration Console is ahead of the device for which you are creating the certificate, the device rejects the certificate.
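A pre-flight check for the time requirement above, as an added example (not part of the product documentation or any Access Manager tooling): it compares clock readings taken at the same moment on each device with the Administration Console clock and flags every device that falls outside the one-minute tolerance, including the case where the console is ahead. The function names, device names, and sample readings are constructed, and the example assumes a certificate's validity period starts at the console's clock time of issue.

```python
from datetime import datetime, timedelta, timezone

MAX_SKEW = timedelta(minutes=1)  # tolerance stated in the IMPORTANT note


def check_clocks(console_now, device_clocks, max_skew=MAX_SKEW):
    """Classify each device clock against the Administration Console clock.

    console_now   -- console clock reading (timezone-aware datetime)
    device_clocks -- {device name: reading taken at the same instant}
    Returns {device name: (offset_seconds, verdict)}; the offset is device
    minus console, so a negative offset means the console is ahead.
    """
    readings = [console_now, *device_clocks.values()]
    if any(t.tzinfo is None for t in readings):
        # Naive timestamps hide time-zone differences and look like skew.
        raise ValueError("all clock readings must be timezone-aware")
    report = {}
    for name, device_now in device_clocks.items():
        offset = device_now - console_now  # aware datetimes compare in UTC
        if abs(offset) <= max_skew:
            verdict = "ok"
        elif offset < timedelta(0):
            # Console ahead: a certificate issued now would begin its
            # validity in this device's future (assumed start = issue time).
            verdict = "console-ahead"
        else:
            verdict = "device-ahead"
        report[name] = (offset.total_seconds(), verdict)
    return report


def safe_to_issue(report):
    """True only when every device is within the tolerance."""
    return all(verdict == "ok" for _, verdict in report.values())


# Constructed sample readings (hypothetical device names).
CONSOLE = datetime(2024, 5, 1, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE = {
    "identity-server": datetime(2024, 5, 1, 12, 0, 20, tzinfo=timezone.utc),
    "access-gateway": datetime(2024, 5, 1, 11, 57, 30, tzinfo=timezone.utc),
    "secondary-console": datetime(2024, 5, 1, 14, 0, 45,
                                  tzinfo=timezone(timedelta(hours=2))),
    "gateway-2": datetime(2024, 5, 1, 12, 1, 30, tzinfo=timezone.utc),
}

if __name__ == "__main__":
    for name, (offset, verdict) in check_clocks(CONSOLE, SAMPLE).items():
        print(f"{name:18} {offset:+8.0f}s  {verdict}")
```

Fix any device not reported as ok (typically by pointing it at the same time source as the console) before creating its certificate.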
Click Security > Certificates.
Select from the following actions:
New: To create a new certificate, click New. For information, see Creating a Locally Signed Certificate and Generating a Certificate Signing Request.
Delete: To delete a certificate, select the certificate, then click Delete. If the certificate is assigned to a keystore, a warning message appears. You must remove a certificate from all keystores before it can be deleted.
Import Private/Public Keypair: To import a key pair, click Actions > Import Private/Public Keypair. For more information, see Importing a Private/Public Key Pair.
Add Certificate to Keystores: To add a certificate to a keystore, click Actions > Add Certificate to Keystore. For more information, see Adding a Certificate to a Keystore.
NOTE: To use an external OAuth signing certificate, you must add the certificate to the Signing keystore.
View Certificate Details: To view certificate details, renew a certificate, or export keys, click the name of the certificate. For more information, see Viewing Certificate Details.