nacpsrvscert

Policy Server SSL Certificate Preparation

To establish a secure SSL connection between the ACS server and the Policy Server, prepare a certificate especially for use with SSL. Setup automatically generates the SSL certificate.

To prepare the Policy Server SSL certificate for distribution:

1. Export the certificate from the Certification Store on mmc.

If the Policy server runs IIS:

1. On the Policy Server, click Start > Run. The Run screen opens.

2. Type mmc in the Open box. A new management console screen opens.

3. Click Console > Add/Remove Snap-in. the Add/Remove Snap-in screen appears.

4. Click Add. The Add Standalone Snap-ins screen appears.

5. Click Certificates and click Add. The Certificates snap-in screen opens.

6. Click Computer Account and click Next. The Select Computer screen opens.

7. Click Local Computer and click Finish.

8. Click Close to close the Add Standalone Snap-in screen.

9. Click OK to close the Add/remove Snap-in screen.

10. In the tree view of the console, click Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates.

11. Select the certificate from the list.

• Check the certificate thumbprint by double-clicking the certificate and selecting Properties. The thumbprint should be the same as the thumbprint for the certificate located in the IIS console.
  
  To verify this, open the IIS console and right click either virtual Web site or default Web site (depending on the website on which you installed Policy Server) and then select Properties. Click Directory Security and then click View Certificate to view the certificate details, including the thumbprint.

12. Click Action > All Tasks > Export... The Certificate Export Wizard opens.

13. Click Next.

14. Click DER encoded binary x.509 or Base 64 encoded X.509 and click Next.

15. Enter a file name and browse to a directory to which to export the certificate.

16. Click Next.

17. Click Finish. A confirmation window displays.

18. Click OK.

If the Policy server runs Apache 2.0:

1. Obtain the certificate file server.cer. The location of the file depends on which server, the OfficeScan server or the Policy Server, you installed first:

• If you installed OfficeScan server before installing Policy Server, the file is in the following directory:
  <Server installation folder>\PCCSRV\Private\certificate

• If you installed Policy Server before installing OfficeScan server, the file is in the following directory:
  <Server installation folder>\PolicyServer\Private\certificate

2. Copy the certificate file to the ACS server.

2. Install the certificate on Cisco Secure ACS.

1. On the ACS web console, click System Configuration > ACS Certificate Setup > ACS Certification Authority Setup.

2. Type the full path and file name of the certificate in the CA certificate file field.

3. Click Submit. Cisco Secure ACS prompts you to restart the service.

4. Click System Configuration > Service Control.

5. Click Restart. Cisco Secure ACS restarts.