naccacert
OfficeScan clients with CTA installations authenticate with the ACS server before communicating client security posture. Several methods are available for authentication (see the Cisco Secure ACS documentation for details). For example, you may already have enabled computer authentication for Cisco Secure ACS using Windows Active Directory, which you can configure to automatically produce an end user client certificate when adding a new computer in Active Directory. For instructions, see Microsoft Knowledge Base Article 313407, HOW TO: Create Automatic Certificate Requests with Group Policy in Windows.
For users with their own Certificate Authority (CA) server, but whose end user clients do not yet have certificates, OfficeScan provides a mechanism to distribute a root certificate to OfficeScan clients. Distribute the certificate during OfficeScan installation or from the OfficeScan web console. OfficeScan distributes the certificate when it deploys the Cisco Trust Agent to clients (see Cisco Trust Agent Deployment).
If you already acquired a certificate from a Certificate Authority or produced your own certificate and distributed it to end user clients, it is not necessary to do so again.
Before distributing the certificate to clients, enroll the ACS server with the CA server and then prepare the certificate (see Cisco Secure ACS Server Enrolment for details).