8-73
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Chapter8 Establishing Cisco Secure ACS System Configuration Global Authentication Setup
Note Cisco Secure ACS requires that the certificate and CA files be in
Base64-encoded X.509. You can also add the CA certificate by installing it
outside of Cisco Secure ACS (in Windows). After you install it, you should be
able to see the new CA in the CA list from within Cisco Secure ACS.
To add a new CA certificate to local certificate storage, follow these steps:
Step 1 In the navigation bar, click System Configuration.
Step 2 Click Certification Authority Setup.
Result: Cisco Secure ACS displays the CA Operations table.
Step 3 In the CA file name box, type the full directory path and name of the CA
certificate file.
Step 4 Click Submit.
Result: Cisco Secure ACS displays the following message in the display area on
the right:
New CA certificate is successfully added into the global system
certificate storage.
After you have installed a certificate in CiscoSecure ACS and added the required
CAs, you can configure EAP-TLS in Global Authentication Setup and then restart
Cisco Secure ACS.
Global Authentication SetupUse this procedure to select and configure how Cisco Secure ACS handles
extended options for authentication. In particular, you use this procedure to allow
either EAP-MD5 or EAP-TLS, and to allow either MS-CHAP Version 1 or
MS-CHAP Version 2, or both.