Chapter8 E stablishing CiscoSecure ACS System Configuration
CiscoSecure ACS Certificate Setup
8-64
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
This section contains procedures for the following subjects:
•Generating a Request for a Certificate, page 8-64
•Installing Cisco Secure ACS Certification with Manual Enrollment,
page 8-66
•Installing Cisco Secure ACS Certification with Automatic Enrollment,
page 8-68
•Performing Cisco Secure ACS Certification Update or Replacement,
page 8-69
Generating a Request for a CertificateYou perform this generation procedure to create an RSA key pair for the server
and a new digital certificate for Cisco Secure ACS, and to send information to a
CA, requesting that they assign the server certificate for your Cisco Secure ACS.
All EAP-TLS authentications require certificates from both the end-user clients
and the Cisco Secure ACS(s) configured for EAP-TLS support. To obtain a server
certificate, you can either import an existing server certificate into
Cisco Secure ACS, or generate a new one. You do not need to perform this
procedure from within Cisco Secure ACS if you have alternative means of
generating a certificate request (including producing private and public key pairs).
Note that one server certificate may be used for more than one Cisco Secure ACS
by exporting the certificate and keypair from one server and importing this
credential into additional Cisco Secure ACS(s).
Note If you are using a file to install a certificate in CiscoSecure ACS, the
certificate must comply with the X.509 version 3 digital certificate standard.
To request a certificate for manual enrollment, follow these steps:
Step 1 In the navigation bar, click System Configuration.
Step 2 Click ACS Cert ific a te Se tup.
Result: If you are accessing this page for the first time, Cisco Secure ACS
displays the Install new certificate table on the ACS Certificate Setup page. (If
you have already installed a server certificate, information on it is displayed.)