2) If the certificate needs to be signed by a Certificate Authority (CA), generate a CSR and deliver it to the corresponding CA. Once the certificate is signed by the CA, update the Gateway with this newly signed certificate. (Note: You can skip these steps if it is a self-signed certificate.)