When users log on to Gateway Administrator or the Reflection Transfer Client, the connection is made using HTTPS and the browser requires server authentication. By default, the Reflection Gateway servers send a self-signed security certificate to the browser for this purpose. (A self-signed certificate is signed by the same entity that it certifies.) The browser checks the digital signature in this certificate against its list of trusted Certificate Authorities (CAs) A server, in a trusted organization, which issues digital certificates. The CA manages the issuance of new certificates and revokes certificates that are no longer valid for authentication. A CA may also delegate certificate issuance authority to one or more intermediate CAs creating a chain of trust. The highest level CA certificate is referred to as the trusted root. . With the default certificates, you see a certificate warning, because the signer of the certificate is not in your browser's list of trusted CAs.
The procedures in this section describe options for managing these server certificates.