Access Manager comes with certificates for testing purposes. At a minimum, you must create one SSL certificate for Identity Server and Access Gateway reverse proxy (NAM-RP). Then replace the predefined certificates with the new ones.
If you install a secondary Administration Console, the certificate authority (CA) is installed with the first instance of eDirectory. The secondary consoles have eDirectory replicas and therefore no CA software. All certificate management must be done from the primary Administration Console. Certificate management commands issued from a secondary Administration Console can work only if the primary console is running properly. Other commands can work independently of the primary console.
NOTE: After restarting Administration Console, the replaced certificate is not reflected on the secondary Administration Console. For more information about fixing the issue, see Section 32.5.8, Secondary Administration Console Does Not Reflect the Replaced Certificate.
IMPORTANT: Before generating any certificates with Administration Console CA, ensure that time is synchronized within one minute among all of your Access Manager devices. If the time of Administration Console is ahead of the device for which you are creating the certificate, the device rejects the certificate.
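The following pre-flight check for the one-minute time requirement is an added example, not part of Access Manager or its documentation. It compares the Administration Console clock with each device clock and flags any device outside the limit; the function names, host names, and sample readings are constructed, and collecting the readings over SSH is an assumption.

```shell
#!/bin/sh
# Pre-flight clock check to run before issuing certificates from the
# Administration Console CA. Added example; names and values are constructed.
MAX_SKEW=60   # the one-minute limit stated above, in seconds

# classify_skew CONSOLE_EPOCH DEVICE_EPOCH
# Prints: ok | console-ahead | device-ahead
classify_skew() {
    delta=$(( $1 - $2 ))
    if [ "$delta" -gt "$MAX_SKEW" ]; then
        echo "console-ahead"   # the case in which the device rejects the certificate
    elif [ "$delta" -lt "-$MAX_SKEW" ]; then
        echo "device-ahead"    # still outside the one-minute requirement
    else
        echo "ok"
    fi
}

# check_devices CONSOLE_EPOCH  (reads "<device> <epoch-seconds>" lines on stdin)
# Prints one line per device; returns 1 if any device is out of tolerance.
check_devices() {
    console_epoch=$1
    rc=0
    while read -r name epoch; do
        [ -n "$name" ] || continue
        case $epoch in
            ''|*[!0-9]*) echo "$name: unreadable time"; rc=1; continue ;;
        esac
        state=$(classify_skew "$console_epoch" "$epoch")
        echo "$name: $state (console - device = $((console_epoch - epoch))s)"
        [ "$state" = ok ] || rc=1
    done
    return "$rc"
}

# Constructed readings: the console clock is taken to be 1700000000.
sample_readings() {
    printf '%s\n' 'idp1.example.com 1700000012' \
                  'ag1.example.com 1699999900' \
                  'ag2.example.com 1700000075'
}

sample_readings | check_devices 1700000000 ||
    echo "Fix time synchronization before creating certificates."

# Live use (assumption: SSH access to each device; host names are placeholders):
#   for h in idp1.example.com ag1.example.com; do
#       echo "$h $(ssh "$h" date -u +%s)"
#   done | check_devices "$(date -u +%s)"
```

Readings collected one after another over SSH include a few seconds of connection latency, so treat results close to the 60-second boundary as failures and correct time synchronization first.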
Click Security > Certificates.
Select from the following actions:
New: To create a new certificate, click New. For information, see Creating a Locally Signed Certificate and Generating a Certificate Signing Request.
Delete: To delete a certificate, select the certificate, then click Delete. If the certificate is assigned to a keystore, a warning message appears. You must remove a certificate from all keystores before it can be deleted.
Import Private/Public Keypair: To import a key pair, click Import Private/Public Keypair. For more information, see Importing a Private/Public Key Pair.