Chapter 3 Installing the Management Center for Cisco Security Agents
Initiating Secure Communications
3-44
Installing Management Center for Cisco Security Agents 5.2
78-17916-01

Upgrade Note

Newer versions of policies are not automatically attached to the auto-enrollment
groups during upgrade. If you want to update the mandatory policies, you can use
the CSA MC Compare tool to synchronize the existing auto-enrollment groups
with the new updated auto-enrollment groups added by the upgrade.
Initiating Secure Communications
CSA MC uses SSL to secure all communications between the CSA MC user
interface (locally and remotely) and the Management Center for Cisco Security
Agents server system itself. This way, all configuration data travels over secure
channels irrespective of the location of the CSA MC host system.
During installation, CSA MC generates private and public keys to be used for
secure communications between any system accessing the CSA MC user interface
and the CSA MC itself.
When your browser connects to the server, it receives the server’s certificate. Y ou
are then prompted to accept this certificate. It is recommended that you import it
into your local certificate database so that you are not prompted to accept the
certificate each time you login. The following sections show the process of
importing certificates into Internet Explorer and Netscape Web browsers.

Internet Explorer: Importing the Root Certificate

Note If you are using Internet Explorer 7.0, you see an “Invalid Certificate” screen
when you first attempt to open a CSA MC browser window. See the end of this
section for further information.
Step 1 You import the certificate from the CSA MC login window. Click the Get root
certificate link. See Figure 3-30.
Step 2 Select the Open (this file from its current location) button and click OK.
Step 3 The certificate information box appears (see Figure 3-31). It contains information
on the system the certificate is issued to and it displays expiration dates. Click the
Install Certificate button to start the Certificate Manager Import Wizard.