Ask a Question

Solution ID : SO22586

Last Modified : 05/02/2018

Installation Instructions for Cisco Secure ACS 4.2

Solution


This document provides installation instructions for Cisco Secure ACS 4.2 server. If you are unable to use these instructions for your server, RapidSSL recommends that you contact the server vendor or the organization, which supports ACS.

Step 1: Obtain the SSL Certificates

    1.    The RapidSSL certificate will be sent by email.
    2.    Copy the certificate imbedded in the body of the email and paste it into a text file using Vi or Notepad.

           The text file should look like:

           -----BEGIN CERTIFICATE-----

                     [encoded data]

           -----END CERTIFICATE-----

    3.    Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE
           and that no white spaces, extra line breaks or additional characters have been inadvertently added.

           NOTE: You can downlaod the certificate also from the RapidSSL User Portal by
           following the steps from this link:  SO16222
           Please select X.509 as a certificate format and copy only the End Entity Certificate.

    4.    Save the file with extansion .cer


Step 2: Download the RapidSSL Intermediate CA certificate

    1.    Download the Intermediate CA certificate according to your SSL product from this link: AR1548
    2.    Copy the Intermediate CA certificate and paste it on a Notepad document

           Note:  Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and
           that no white spaces, extra line breaks or additional characters have been inadvertently added.

    3.    Save the file as intermediate_ca.cer


Step 3: Copy the Certificate and the CA Certificate to the ACS host:

    1.    Create a \certs directory on the ACS server.
    2.    Open a DOS command window.
    3.    To create a certificates directory, enter:
           mkdir <selected_drive>:\certs
          
NOTE: Where selected_drive is the currently selected drive.

    4.    Copy the following files for example to the \certs directory:

           ACS-1.nac.cisco.com.cer (server SSL certificate)
           ACS-1.PrivateKey.txt (server certificate private key)
           intermediate_ca.cer (CA certificate)
 

Step 4: Set Up the ACS Certification Authority

    1.    To set up the ACS CA, download and install the RapidSSL Root CA described in SO20329
    2.    In the navigation bar, click System Configuration.
           The System Configuration page opens.
    3.    Click ACS Certificate Setup.
           The ACS Certificate Setup page opens.
    4.    Click ACS Certification Authority Setup.
           The ACS Certificate Authority page opens as shown below. 

           

    5.    Enter the path and filename for the certificate authority and then click Submit.
    6.    Restart ACS. To restart ACS, choose System Configuration > Service Control
    7.    Click Restart.


Step 5: Edit the Certificate Trust List

           NOTE: After you set up the ACS certification authority, you must add the CA certificate to the
           ACS Certificate Trust list:

    1.    In the navigation bar, click System Configuration.
           The System Configuration page opens.
    2.    Choose ACS Certificate Setup > Edit Certificate Trust List.
           The Edit Certificate Trust List page opens.
    3.    In the list of certificates, locate the CA certificate that you installed and check the check box next to it.
    4.    Click Submit.
    5.    Restart ACS. To restart ACS, choose System Configuration > Service Control
    6.    Click Restart.


Step 6: Install the RapidSSL Intermediate CA Certificate

    1.    Choose System Configuration > ACS Certificate Setup > ACS Certification Authority Setup.
           The ACS Certification Authority Setup page appears,as shown below.

           


    2.    In the CA certificate file box, type the CA certificate location (path and name)
           For example: c:\Certs\ca.cer.
    3.    Click Submit.

 
Step 7: Install the SSL Certificate

    1.    In the navigation bar, click System Configuration.
    2.    The System Configuration page opens.
    3.    Click ACS Certificate Setup.
    4.    Click Install ACS Certificate.
    5.    The Install ACS Certificate page opens, as shown below

            


    6.    Click the Read certificate from file radio button.
    7.    In the Certificate file text box, enter the server certificate location (path and name)
           For example: c:\Certs\server.cer.
    8.    In the Private key file text box, type the server certificate private key location (path and name)
           For example: c:\Certs\server.pvk.
    9.    In the Private Key password text box, type the private key password; for example cisco123.
  10.    Click Submit.
  11.    ACS displays a message indicating that the certificate has been installed and instructs you to
            restart the ACS services.
  12.    Restart ACS. To restart ACS, choose System Configuration > Service Control
  13.    Click Restart.
  14.    To verify the certificate installation, use the RapidSSL Installation Checker


Cisco

           For more information, please review Configuration Guide for Cisco Secure ACS 4.2.