Installation Instructions for Cisco Secure ACS 4.2

Solution ID:    SO16153    Updated:    05/24/2017

Solution


This document provides installation instructions for Cisco Secure ACS 4.2 server. If you are unable to use these instructions for your server, Symantec recommends that you contact the server vendor or the organization, which supports ACS.

Step 1: Obtain the SSL Certificates

  1. The Symantec certificate will be sent by email. The certificate is included as an attachment (Cert.cer) and it is also imbedded in the body of the email.
  2. Copy and paste the certificate into a text file using Vi or Notepad 

    The text file should look like:

    -----BEGIN CERTIFICATE-----
        
            [encoded data]

    -----END CERTIFICATE-----
     
  3. Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white spaces,
    extra line breaks or additional characters have been inadvertently added.

    NOTE: You can also download the certificate from your Symantec Trust Center account by following the steps from this link: SO8061
    When downloading the certificate, please select X.509 as a certificate format and copy only the End Entity Certificate
     
  4. Save the file with extansion .cer


Step 2: Download the Symantec Intermediate CA certificate

  1. Download the Intermediate CA certificate from this link: INFO657
    Select the appropriate Intermediate CA certificate for your SSL Certificate type.
    NOTE: To check which certificate type you have purchased, follow the steps from this link: SO13499
  2. Copy the Intermediate CA certificate and paste it on a Notepad
  3. Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white spaces,
    extra line breaks or additional characters have been inadvertently added.
  4. Save the file as intermediate.cer


Step 3: Copy the Certificate and the CA Certificate to the ACS host:

  1. Create a \certs directory on the ACS server.
  2. Open a DOS command window.
  3. To create a certificates directory, enter:
    mkdir <selected_drive>:\certs
    NOTE: Where selected_drive is the currently selected drive.
  4. Copy the following files for example to the \certs directory:

    ACS-1.nac.cisco.com.cer (server SSL certificate)
    ACS-1.PrivateKey.txt (server certificate private key)
    ca.nac.cisco.com.cer (CA certificate)
     

Step 4: Set Up the ACS Certification Authority

  1. To set up the ACS certification authority download and install the Symantec Root CA described in SO4785:
  2. In the navigation bar, click System Configuration.
    The System Configuration page opens.
  3. Click ACS Certificate Setup.
    The ACS Certificate Setup page opens.
  4. Click ACS Certification Authority Setup.
    The ACS Certificate Authority page opens as shown below. 


     
  5. Enter the path and filename for the certificate authority and then click Submit.
  6. Restart ACS.
    To restart ACS, choose System Configuration > Service Control and then click Restart.


Step 5: Edit the Certificate Trust List

          NOTE: After you set up the ACS certification authority, you must add the CA certificate to the ACS Certificate Trust list.
          To add the certificate to the Certificate Trust list:

  1. In the navigation bar, click System Configuration.
    The System Configuration page opens.
  2. Choose ACS Certificate Setup > Edit Certificate Trust List.
    The Edit Certificate Trust List page opens.
  3. In the list of certificates, locate the CA certificate that you installed and check the check box next to it.
  4. Click Submit.
  5. Restart ACS. To restart ACS, choose System Configuration > Service Control and then click Restart.


Step 6: Install the Symantec Intermediate CA Certificate

  1. Choose System Configuration > ACS Certificate Setup > ACS Certification Authority Setup.

    The ACS Certification Authority Setup page appears,as shown below.


     
  2. In the CA certificate file box, type the CA certificate location (path and name); for example: c:\Certs\ca.cer.
  3. Click Submit.

 
Step 7: Install the SSL Certificate

  1. In the navigation bar, click System Configuration.
  2. The System Configuration page opens.
  3. Click ACS Certificate Setup.
  4. Click Install ACS Certificate.
  5. The Install ACS Certificate page opens, as shown below


     
  6. Click the Read certificate from file radio button.
  7. In the Certificate file text box, enter the server certificate location (path and name); for example: c:\Certs\server.cer.
  8. In the Private key file text box, type the server certificate private key location (path and name); for example: c:\Certs\server.pvk.
  9. In the Private Key password text box, type the private key password; for example cisco123.
  10. Click Submit.
  11. ACS displays a message indicating that the certificate has been installed and instructs you to restart the ACS services.
  12. Restart ACS. To restart ACS, choose System Configuration > Service Control and then click Restart.
  13. Verify your installation with the Symantec SSL Certificate Checker


Cisco

          For more information, please review Configuration Guide for Cisco Secure ACS 4.2.
 

Disclaimer:

Terms of use for this information are found in Legal Notices

Contact Support

Find Answers