The Internet Gateway is generating the following error messages every time that the gateway service restarts after adding a new certificate:
Unknown. Possible corruption of the certificate or issues with the local machine that can't decrypt the certificate password.
If the new certificate is a CNG type of certificate, we don't support it if it is a pre-8.6 RU2 environment. Support for CNG certificates was added in 8.6 RU2 release. Hence it is By Design that customer cannot use CNG type of certificates on an Internet Gateway pre-8.6 RU2.
Try a new certificate. Replace the existing one with a different one.
Note: Changing the certificate for your Internet Gateway will assign a new thumbprint that needs to be added to your gateway policy in the SMP Console. If it is the only Internet Gateway on your environment, it can cause that your CEM clients can't connect again until their gateway policy is updated with the new thumbprint.
The replacement process should be something like this:
For pre-8.6 RU2 customers, the workaround is to use other than CNG certificates format if they can't upgrade to 8.6 RU2 or later.