Cisco Systems CSACS3415K9 Computer Accessories User Manual


 
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter 8 Managing Users and Identity Stores
Configuring Certificate Authentication Profiles
When ACS processes a certificate-based request for authentication, one of two things happens: the
username from the certificate is compared to the username in ACS that is processing the request, or ACS
uses the information that is defined in the selected LDAP or AD identity store to validate the certificate
information.
You can duplicate a certificate authentication profile to create a new profile that is the same, or similar
to, an existing certificate authentication profile. After duplication is complete, you access each profile
(original and duplicated) separately, to edit or delete them.
ACS 5.4 now supports the certificate name constraints extension. It accepts client certificates whose
issuers contain the name constraints extension, and it checks the client certificates for CA and sub-CA
certificates. This extension defines a name space for all subject names in the subsequent certificates in
a certificate path. It applies to both the subject distinguished name and the subject alternative name.
A restriction applies only when the specified name form is present in the client certificate.
ACS authentication fails if the client certificate is excluded or not permitted by the name space.
Supported Name Constraints:
  • Directory name
  • DNS
  • Email
  • URL
Unsupported Name Constraints:
  • IP address
  • Other name
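The following added example (not ACS code and not from the Cisco guide) shows how permitted and excluded subtrees are evaluated for the DNS, email, and URL name forms under the RFC 5280 section 4.2.1.10 matching rules. The function names, the sample constraints, and the choice to raise an error for any other name form are assumptions of this example; directory name matching is left out.

```python
# Added illustration (not ACS code): RFC 5280 sec. 4.2.1.10 name-constraint matching.
from urllib.parse import urlsplit

def _dns_match(name, base):
    # A DNS constraint covers the name itself and any name with labels added on the left.
    name, base = name.lower().rstrip("."), base.lower().rstrip(".")
    return base == "" or name == base or name.endswith("." + base)

def _host_match(host, base):
    # Email/URI host rule: ".example.com" covers subdomains only; "example.com" that host only.
    host, base = host.lower(), base.lower()
    if base.startswith("."):
        return len(host) > len(base) and host.endswith(base)
    return host == base

def _email_match(addr, base):
    local, _, host = addr.rpartition("@")
    if "@" in base:  # the constraint names a single mailbox
        b_local, _, b_host = base.rpartition("@")
        return local == b_local and host.lower() == b_host.lower()
    return _host_match(host, base)

def _uri_match(uri, base):
    host = urlsplit(uri).hostname  # the constraint applies to the host part only
    return host is not None and _host_match(host, base)

MATCHERS = {"dns": _dns_match, "email": _email_match, "uri": _uri_match}

def check_name_constraints(names, permitted, excluded):
    """names, permitted, excluded: lists of (form, value). Returns (ok, reason)."""
    for form, value in names:
        if form not in MATCHERS:
            raise ValueError(f"name form {form!r} is not modeled in this example")
        match = MATCHERS[form]
        if any(f == form and match(value, b) for f, b in excluded):
            return False, f"{form}:{value} falls in an excluded subtree"
        allowed = [b for f, b in permitted if f == form]
        if allowed and not any(match(value, b) for b in allowed):
            return False, f"{form}:{value} is outside every permitted subtree"
    return True, "every name form present satisfies the constraints"

# Constructed sample constraints, as a CA or sub-CA certificate might carry them.
PERMITTED = [("dns", "corp.example"), ("email", "corp.example")]
EXCLUDED = [("dns", "lab.corp.example")]

if __name__ == "__main__":
    for names in ([("dns", "vpn.corp.example"), ("email", "alice@corp.example")],
                  [("dns", "host.lab.corp.example")],
                  [("dns", "notcorp.example")]):
        print(names, "->", check_name_constraints(names, PERMITTED, EXCLUDED))
```

A name form with no constraint of its own type (here, a URL) passes unconstrained, which is the "only when the specified name form is present" rule seen from the other side.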
To create, duplicate, or edit a certificate authentication profile, complete the following steps:
Step 1 Select Users and Identity Stores > Certificate Authentication Profile.
The Certificate Authentication Profile page appears.
Step 2 Do one of the following:
  • Click Create.
  • Check the check box next to the certificate authentication profile that you want to duplicate, then click Duplicate.
  • Click the certificate authentication profile that you want to modify, or check the check box next to the name and click Edit.
The Certificate Authentication Profile Properties page appears.
Step 3 Complete the fields in the Certificate Authentication Profile Properties page as described in Table 8-24:
Table 8-24 Certificate Authentication Profile Properties Page

Option         Description
General
Name           Enter the name of the certificate authentication profile.
Description    Enter a description of the certificate authentication profile.
Certificate Definition