Hi,
Do you try to install a private key signed by public CA to gateway's listen ports?
If yes, the steps could be,
1. create private key
2. generate CSR
3. sent CSR to CA and get the signed certificate
4. import the singed certificate (may need root certificate as well, and need to replace certificate chain)
5. change the default SSL key of gateway
Manage Private Keys - CA API Gateway - 9.2 - CA Technologies Documentation
Regards,
Mark