Table of Contents
Advertisement
Cisco Secure ACS Certificate Setup
Step 1
Step 2
Step 3
Step 4
Step 5
Editing the Certificate Trust List
Note
User Guide for Cisco Secure ACS for Windows Server
10-38
To add a certificate authority certificate to your local storage, follow these steps:
In the navigation bar, click System Configuration.
Click ACS Certificate Setup.
Click ACS Certification Authority Setup.
Cisco Secure ACS displays the CA Operations table on the Certification
Authorities Setup page.
In the CA certificate file box, type the full path and filename for the certificate
you want to use.
Click Submit.
The new CA certificate is added to local certificate storage. And, if it is not
already there, the name of the CA that issued the certificate is placed on the CTL.
To use this new CA certificate to authenticate users, you must edit the
Tip
certificate trust list to signify that this CA is trusted. For more
information, see
Cisco Secure ACS uses the CTL to verify the client certificates. For a CA to be
trusted by Cisco Secure ACS, its certificate must be installed, and the
Cisco Secure ACS administrator must explicitly configure the CA as trusted by
editing the CTL. If the Cisco Secure ACS server certificate is replaced, the CTL
is erased; you must configure the CTL explicitly each time you install or replace
a Cisco Secure ACS server certificate.
The single exception to the requirement that a CA must be explicitly signified as
trustworthy occurs when the clients and Cisco Secure ACS are getting their
certificates from the same CA. You do not need to add this CA to the CTL because
Cisco Secure ACS automatically trusts the CA that issued its certificate.
Chapter 10
System Configuration: Authentication and Certificates
Editing the Certificate Trust List, page
10-38.
78-16592-01
Advertisement
Table of Contents
Troubleshooting
