Cisco Systems 3.3 Server User Manual


 
Chapter 10 System Configuration: Authentication and Certificates
Cisco Secure ACS Certificate Setup
10-38
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
To add a certificate authority certificate to your local storage, follow these steps:
Step 1 In the navigation bar, click System Configuration.
Step 2 Click ACS Certificate Setup.
Step 3 Click ACS Certification Authority Setup.
Cisco Secure ACS displays the CA Operations table on the Certification
Authorities Setup page.
Step 4 In the CA certificate file box, type the full path and filename for the certificate
you want to use.
Step 5 Click Submit.
The new CA certificate is added to local certificate storage and, if it is not
already there, the name of the CA that issued the certificate is placed on the CTL.
Tip: To use this new CA certificate to authenticate users, you must edit the
certificate trust list to signify that this CA is trusted. For more
information, see Editing the Certificate Trust List, page 10-38.
Editing the Certificate Trust List
Cisco Secure ACS uses the CTL to verify the client certificates. For a CA to be
trusted by Cisco Secure ACS, its certificate must be installed, and the
Cisco Secure ACS administrator must explicitly configure the CA as trusted by
editing the CTL. If the Cisco Secure ACS server certificate is replaced, the CTL
is erased; you must configure the CTL explicitly each time you install or replace
a Cisco Secure ACS server certificate.
Note: The single exception to the requirement that a CA must be explicitly signified as
trustworthy occurs when the clients and Cisco Secure ACS are getting their
certificates from the same CA. You do not need to add this CA to the CTL because
Cisco Secure ACS automatically trusts the CA that issued its certificate.
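
The trust rules above, as an added example that is not part of the Cisco guide and is not Cisco Secure ACS code: a small model for planning a server certificate replacement that reports which client-certificate issuers stop being accepted until the CTL is edited again. The class, its method names and the CA names are hypothetical; it assumes that "erased" clears every explicit trust entry and that installed CA certificates stay in local storage.

```python
# Added model of the CTL trust rules on this page; not Cisco Secure ACS code.
from dataclasses import dataclass, field

@dataclass
class AcsTrustModel:
    server_cert_issuer: str                          # CA that issued the ACS server certificate
    installed_cas: set = field(default_factory=set)  # CA certificates in local storage
    ctl_trusted: set = field(default_factory=set)    # CAs explicitly marked trusted on the CTL

    def add_ca_certificate(self, ca: str) -> None:
        """Steps 1-5: install the CA certificate. This alone grants no trust."""
        self.installed_cas.add(ca)

    def edit_ctl(self, ca: str, trusted: bool = True) -> None:
        """Explicit administrator edit of the CTL for an installed CA."""
        if ca not in self.installed_cas:
            raise ValueError(f"{ca}: CA certificate is not installed")
        if trusted:
            self.ctl_trusted.add(ca)
        else:
            self.ctl_trusted.discard(ca)

    def trusted_issuers(self) -> set:
        # Exception from the Note: the CA that issued the server certificate
        # is trusted automatically, without a CTL entry.
        return self.ctl_trusted | {self.server_cert_issuer}

    def accepts_client_from(self, issuer: str) -> bool:
        return issuer in self.trusted_issuers()

    def replace_server_certificate(self, new_issuer: str) -> set:
        """Replace the server certificate; return the issuers that stop being trusted."""
        before = self.trusted_issuers()
        self.server_cert_issuer = new_issuer
        self.ctl_trusted.clear()  # assumption: "erased" removes all explicit trust
        return before - self.trusted_issuers()

def demo() -> dict:
    acs = AcsTrustModel(server_cert_issuer="Corp-CA")   # constructed CA names
    acs.add_ca_certificate("Partner-CA")
    installed_only = acs.accepts_client_from("Partner-CA")
    acs.edit_ctl("Partner-CA")
    after_ctl_edit = acs.accepts_client_from("Partner-CA")
    lost = acs.replace_server_certificate("New-Corp-CA")
    return {"installed_only": installed_only, "after_ctl_edit": after_ctl_edit, "lost": lost}

if __name__ == "__main__":
    print(demo())
```

In this model the previous issuing CA also loses its automatic trust once the server certificate comes from a different CA, so clients still holding certificates from it are rejected until that CA is installed and marked trusted on the CTL.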