Cisco Systems 3.3 Server User Manual


 
10-37
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Chapter 10 System Configuration: Authentication and Certificates
Cisco Secure ACS Certificate Setup
Step 7 Click Submit.
To show that the certificate setup is complete, Cisco Secure ACS displays the
Installed Certificate Information table, which contains the following certificate
information:
Issued to: certificate subject
Issued by: CA common name
Valid from:
Valid to:
Validity
Adding a Certificate Authority Certificate
Use this procedure to add new certification authority (CA) certificates to
Cisco Secure ACS local certificate storage.
Note If the clients and Cisco Secure ACS are getting their certificates from the same
CA, you do not need to perform this procedure because Cisco Secure ACS
automatically trusts the CA that issued its certificate.
When a user certificate is from an unknown CA (that is, one that is different from
the CA that certifies the Cisco Secure ACS), you must specifically configure
Cisco Secure ACS to trust that CA or authentication fails. Until you perform this
procedure to explicitly extend trust by adding another CA, Cisco Secure ACS only
recognizes certificates from the CA that issued its own certificate.
Configuring Cisco Secure ACS to trust a specific CA is a two-step process that
comprises both this procedure of adding a CA’s certificate and the procedure in
Editing the Certificate Trust List, page 10-38, where you signify that the
particular CA is to be trusted. (Cisco Secure ACS comes configured with a list of
popular CAs, none of which are enabled until you explicitly signify
trustworthiness.)