You need to do 3 things to install a new certificate on a Secure Gateway after you have changed your Secure Gateway URL, which invalidates the existing certificate:
- Change your Web Interface URL if Web Interface is installed on the same server as the Secure Gateway. Do this in the Access Management Console.
- Import the new certificate into the Computer account certificate store via the Certificates MMC (do not use the IE certificate wizard).
- Use the Secure Gateway configuration wizard to select the new certificate. The private key needs to be installed on the server.
The wizard will propose to restart the Secure Gateway service. All users will lose their connection, but will be able to reconnect.
If the certificate shows the little key, the private key is installed on the server; otherwise it is not.
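The same check for steps 2 and 3 can be done from PowerShell. This is an added example, not part of the original post: it lists the certificates in the Computer account store whose name matches the new gateway host name and shows whether each one has its private key and is within its validity period. The host name `gateway.example.com`, the function names and the use of the Personal store (`Cert:\LocalMachine\My`) are assumptions.

```powershell
# Added example. $GatewayFqdn is a placeholder: pass the host name of the new URL.
param([string]$GatewayFqdn = 'gateway.example.com')

function Get-CertDnsNames {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $names = @()
    # First DNS name from the SAN extension, or the subject CN when there is none
    $names += $Cert.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName, $false)
    # All Subject Alternative Name entries (OID 2.5.29.17). "DNS Name=" is the
    # label English Windows prints; other display languages use another label.
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        $names += [regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)') |
            ForEach-Object { $_.Groups[1].Value }
    }
    $names | Where-Object { $_ } | Sort-Object -Unique
}

function Test-NameMatch {
    param([string]$Pattern, [string]$HostName)
    if ($Pattern.StartsWith('*.')) {
        # A wildcard covers exactly one left-most label
        $suffix = $Pattern.Substring(1)
        if (-not $HostName.EndsWith($suffix, [System.StringComparison]::OrdinalIgnoreCase)) {
            return $false
        }
        $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
        return ($label.Length -gt 0 -and -not $label.Contains('.'))
    }
    return ($Pattern -ieq $HostName)
}

$now = Get-Date
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_
    $hit = @(Get-CertDnsNames $cert | Where-Object { Test-NameMatch $_ $GatewayFqdn })
    New-Object PSObject -Property @{
        Subject       = $cert.Subject
        NameMatches   = ($hit.Count -gt 0)
        HasPrivateKey = $cert.HasPrivateKey   # False: the wizard cannot use it
        InValidity    = ($cert.NotBefore -le $now -and $now -le $cert.NotAfter)
        Thumbprint    = $cert.Thumbprint
    }
} | Where-Object { $_.NameMatches } |
    Format-Table Subject, HasPrivateKey, InValidity, Thumbprint -AutoSize
```

An empty result means no certificate in that store carries the new host name; a row with `HasPrivateKey` set to `False` means the certificate was imported without its key.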
If you missed step 1 and you are logged in at a customer who only has Secure Gateway, you will get SSL error 59, because you are trying to connect to a Web Interface which does not correspond with the certificate URL. In this case, download the ICA file from the Web Interface and change the Web Interface address in the ICA file. By opening the ICA file you will now be able to connect to the Web Interface over Secure Gateway. Now change the setting in the Access Management Console.