KB Article #163295
Which key extensions are mandatory on end-user certificates when replacing the Axway Sample certificates
Problem
Generating new certificates compliant with your organization's security policy in order to replace the Axway Sample certificates (the certificates used to encrypt communication between Gateway and Secure Relay).
Resolution
To establish secure communication between Gateway and Secure Relay, the Router agent (Secure Relay) certificate must have the "Digital Signature" key usage, and the Master agent (Gateway) certificate must have the "Digital Signature" and "Key Encipherment" key usages.
If your organization requires certificates to carry critical extended key usages, note that in this architecture Secure Relay (router agent) acts as the SSL client and Gateway (master agent) acts as the SSL server.
For the Router agent certificate(s), the key usages will be:
    X509v3 Basic Constraints:
        CA:FALSE
    X509v3 Key Usage: critical
        Digital Signature
    X509v3 Extended Key Usage: critical
        TLS Web Client Authentication
For the Master agent certificate, the key usages will be:
    X509v3 Basic Constraints:
        CA:FALSE
    X509v3 Key Usage: critical
        Digital Signature, Key Encipherment
    X509v3 Extended Key Usage: critical
        TLS Web Server Authentication
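To check a newly issued certificate against the two profiles above before installing it, the following added example (not Axway code) validates the text printed by `openssl x509 -noout -text`. The function names, the sample dump and the choice to treat a missing Extended Key Usage as acceptable are assumptions of this example.

```shell
# Added example, not Axway code. Input is the text printed by
# `openssl x509 -noout -text -in cert.pem`.
# ext NAME TEXT: print "<header line>|<value line>" for extension "X509v3 NAME".
ext() {
  printf '%s\n' "$2" | awk -v name="X509v3 $1" '
    index($0, name) {
      hdr = $0
      if ((getline val) > 0) { gsub(/^[ \t]+|[ \t]+$/, "", val); print hdr "|" val }
      exit
    }'
}

# has_all LIST VALUE: succeed if every comma-separated item of LIST occurs in VALUE.
has_all() {
  old_ifs=$IFS; IFS=,
  for want in $1; do
    case $2 in *"$want"*) ;; *) IFS=$old_ifs; return 1 ;; esac
  done
  IFS=$old_ifs
}

# check_agent_cert ROLE TEXT: ROLE is "router" (Secure Relay) or "master" (Gateway).
check_agent_cert() {
  case $1 in
    router) need_ku="Digital Signature"; need_eku="TLS Web Client Authentication" ;;
    master) need_ku="Digital Signature,Key Encipherment"; need_eku="TLS Web Server Authentication" ;;
    *) echo "unknown role: $1" >&2; return 2 ;;
  esac
  rc=0
  bc=$(ext "Basic Constraints" "$2"); ku=$(ext "Key Usage" "$2"); eku=$(ext "Extended Key Usage" "$2")
  case ${bc#*|} in CA:FALSE*) ;; *) echo "FAIL: Basic Constraints is not CA:FALSE"; rc=1 ;; esac
  has_all "$need_ku" "${ku#*|}" || { echo "FAIL: Key Usage must include: $need_ku"; rc=1; }
  # Assumption: EKU is optional, but when present it must allow this agent's TLS role.
  if [ -n "$eku" ]; then
    has_all "$need_eku" "${eku#*|}" || { echo "FAIL: Extended Key Usage must include: $need_eku"; rc=1; }
  fi
  # Criticality is reported only; whether it is required is organization policy.
  case ${ku%%|*} in *critical*) ;; *) echo "NOTE: Key Usage is not marked critical" ;; esac
  return $rc
}

# Constructed sample: extension section of a Gateway (master agent) certificate dump.
MASTER_SAMPLE='X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: critical
                TLS Web Server Authentication'
check_agent_cert master "$MASTER_SAMPLE" && echo "master profile: OK"
```

For a real certificate, pass the dump directly: check_agent_cert router "$(openssl x509 -noout -text -in router.pem)", where router.pem is a placeholder file name.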