Ask a Question

Advanced Search

Solution ID : SO22577

Last Modified : 05/18/2018

Managed PKI for SSL - Installation Instructions for Cisco Secure ACS 4.2

Solution


This document provides installation instructions for Cisco Secure ACS 4.2 server. If unable to use these instructions for your server, Symantec recommends that you contact the server vendor, or the organization which supports ACS.

Step 1: Obtain the SSL certificate

  1. Once your Managed PKI for SSL administrator has approved the certificate request, you will receive an email with
    the certificate download link, also attached (cert.cer), as well as in the body of the email itself.
  2. If copying the certificate imbedded in the body of the email, paste it into a text file using Vi or Notepad.
    NOTE: Do not use Microsoft Word or other word processing programs that may add characters.
    Confirm that there are no extra lines or spaces in the file.

    The text file should look like:

    -----BEGIN CERTIFICATE-----
              [encoded data]
    -----END CERTIFICATE-----

    NOTE: Click here for steps to download the certificate from your Managed PKI for SSL subscriber services page.
    Please select X.509 as a certificate format and copy only the End Entity Certificate.
     
  3. Save the certificate as public.txt


Step 2: Download the Symantec intermediate CA certificate

  1. Download the Intermediate CA certificate from this link.
  2. Select the appropriate intermediate CA certificate for your SSL certificate type.
    NOTE: If you are not sure which certificate you have purchased, follow the steps from this link.
  3. Copy the intermediate CA certificate and paste it on a Notepad.
  4. Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white spaces, extra line breaks or additional characters have been inadvertently added.
  5. Save the file as intermediate-ca.cer


Step 3: Copy the certificate and the CA certificate to the ACS host

  1. Create a \certs directory on the ACS server.
  2. Open a DOS command window.
  3. To create a certificates directory, enter:
    mkdir <selected_drive>:\certs
    NOTE: Where selected_drive is the currently selected drive.
  4. Copy the following files for example to the \certs directory:

    ACS-1.nac.cisco.com.cer (server SSL certificate)
    ACS-1.PrivateKey.txt (server certificate private key)
    ca.nac.cisco.com.cer (CA certificate)
     

Step 4: Set Up the ACS Certification Authority

  1. To set up the ACS certification authority download and install the Symantec Root CA.
  2. In the navigation bar, click System Configuration.
    The System Configuration page opens.
  3. Click ACS Certificate Setup.
    The ACS Certificate Setup page opens.
  4. Click ACS Certification Authority Setup.
    The ACS Certificate Authority page opens as shown below. 


     
  5. Enter the path and filename for the certificate authority and then click Submit.
  6. Restart ACS.
    To restart ACS, choose System Configuration > Service Control and then click Restart.


Step 5: Edit the Certificate Trust List

          NOTE: After you set up the ACS certification authority, you must add the CA certificate to the ACS Certificate Trust list.
          To add the certificate to the Certificate Trust list:

  1. In the navigation bar, click System Configuration.
    The System Configuration page opens.
  2. Choose ACS Certificate Setup > Edit Certificate Trust List.
    The Edit Certificate Trust List page opens.
  3. In the list of certificates, locate the CA certificate that you installed and check the check box next to it.
  4. Click Submit.
  5. Restart ACS. To restart ACS, choose System Configuration > Service Control and then click Restart.


Step 6: Install the Symantec intermediate CA certificate

  1. Choose System Configuration > ACS Certificate Setup > ACS Certification Authority Setup.

    The ACS Certification Authority Setup page appears,as shown below.


     
  2. In the CA certificate file box, type the CA certificate location (path and name); for example: c:\Certs\ca.cer.
  3. Click Submit.

 
Step 7: Install the SSL certificate

  1. In the navigation bar, click System Configuration.
  2. The System Configuration page opens.
  3. Click ACS Certificate Setup.
  4. Click Install ACS Certificate.
  5. The Install ACS Certificate page opens, as shown below


     
  6. Click the Read certificate from file radio button.
  7. In the Certificate file text box, enter the server certificate location (path and name); for example: c:\Certs\server.cer.
  8. In the Private key file text box, type the server certificate private key location (path and name); for example: c:\Certs\server.pvk.
  9. In the Private Key password text box, type the private key password; for example cisco123.
  10. Click Submit.
  11. ACS displays a message indicating that the certificate has been installed and instructs you to restart the ACS services.
  12. Restart ACS. To restart ACS, choose System Configuration > Service Control and then click Restart.
  13. Verify your installation with the Symantec Installation Checker


Cisco

          For more information, please review Configuration Guide for Cisco Secure ACS 4.2.