This article describes how certificates are used in Smart ID Digital Access component (Hybrid Access Gateway).

You register Certificate Authorities (CA) to be used for validation of certificates, and you connect a CA certificate to it. A Certificate Authority issues client certificates used in authentication. An example of a Certificate Authority is Smart ID Certificate Manager.

Server certificates are used when establishing communication with users. It is possible to specify a server certificate for each additional listener for the access point, which enables you to have specific certificates for each IP address or port.

Server certificates can be associated with any of the following services:

• Hybrid Digital Access Gateway administration interfaceAdmin
• Authentication service
• Distribution service
• Access point
• APIs exposed by policy service

The server certificate that is added to the access point is presented to the browser whenever a user accesses the access point via a DNS or IP address that is not mentioned in the DNS for the access point. If a user accesses via a DNS that has its own server certificate associated, then that setting will override the certificate associated with access point.

The client certificate is used by the access point to authenticate itself with backend resource if the backend resource requires client authentication. When SSL is selected, the client certificate is used when communicating with the resources. Only one client certificate can be specified.