I think the correct setting for the signature issue is this one:
|The maximum BPM's timestamp delay||The maximum BPM's timestamp delay in seconds for signature validation||
-> Increase the value to let's say 300 , and the problem should be gone
Why not, it's just a matter of correct configuration of the APM Webserver on the Gateway. If you don't disable port 80 after doing the hardening procedure, the webserver will still listen on port 80 and BPMs can connect via http, in addition to the https-channel to port 443 that you opened & configured during the hardening.