Hello,

Though I don't know what that exactly is, I think that may be one of below..:

1. Root certificate of Internal Resources that uses self signed certificate behind content gateway.
2. Root certificate of content gateway(endpoint) that uses self signed certificate behind content gateway(relay).

I wonder if we do not have to import trusted certificates in below example cases..:

1. All content gateway(endpoint) or Internal Resources uses a certificates from CA that has already been trusted by content gateways in front of them.
2. All Internal Resources do not uses protocol that needs tls/ssl connection.

I hope this would be some of help..

Regards