Configuring Access Gateway to Use an Externally Signed Certificate

1. Click Devices > Access Gateways > Edit > [Name of Reverse Proxy].

2. In the Server Certificate line, click the Browse icon to select the Access Gateway certificate.

   IMPORTANT:If the external certificate authority writes the DN in reverse order (the cn element comes first rather than last), you receive an error message that the subject name does not contain the cn of the device. You can ignore this warning, if the order of the DN elements is the cause.

3. Specify an Alias for the certificate.

4. On the Server Configuration page, click Reverse Proxy / Authentication.

5. Update Access Gateway and Identity Server on respective pages.

To verify the trusted relationship between Identity Server and Access Gateway:

1. Enter the URL to a protected resource on Access Gateway.

2. Complete one of the following:

   • If you are prompted for login credentials, enter them. The trusted relationship has been reestablished.

   • If you receive a 100101043 or 100101044 error, the trusted relationship has not been established.

     For information about solving this problem, Section 32.3.2, Troubleshooting 100101043 and 100101044 Liberty Metadata Load Errors.