Certificates

Cisco NAC technology uses the following digital certificates to establish successful communication between various components:

Cisco NAC Certificates

ACS certificate
Establishes trusted communication between the ACS server and the Certificate Authority (CA) server. The Certificate Authority server signs the ACS certificate before you save it on the ACS server.
CA certificate
Authenticates OfficeScan clients with the Cisco ACS server. The OfficeScan server deploys the CA certificate to both the ACS server and to OfficeScan clients (packaged with the Cisco Trust Agent).
Policy Server SSL certificate
Establishes secure HTTPS communication between the Policy Server and ACS server. The Policy Server installer automatically generates the Policy Server SSL certificate during Policy Server installation.
The Policy Server SSL certificate is optional. However, use it to ensure that only encrypted data is transmitted between the Policy Server and ACS server.
The figure below illustrates the steps involved in creating and deploying ACS and CA certificates:
  1. After the ACS server issues a certificate signing request to the CA server, the CA issues a certificate called the ACS certificate. The ACS certificate is then installed on the ACS server. See Cisco Secure ACS Server Enrolment for more information.
  2. A CA certificate is exported from the CA server and installed on the ACS server. See CA Certificate Installation for detailed instructions.
  3. A copy of the same CA certificate is saved on the OfficeScan server.
  4. The OfficeScan server deploys the CA certificate to OfficeScan clients with the CTA. See Cisco Trust Agent Deployment for detailed instructions.
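
The four steps above can be rehearsed with a throwaway CA, followed by the check a deployment should pass: the CA certificate copies held by the ACS server and the OfficeScan server are identical, and the ACS certificate verifies against that CA. This is an added example using the OpenSSL command line, not part of the product documentation; every file name and subject name in it is an assumption made for the example.

```shell
#!/bin/sh
# Lab rehearsal of the certificate flow with a constructed, throwaway CA.
# File names (ca.cer, acs.cer, acs_ca.cer, osce_ca.cer) and subject names
# are assumptions for this example, not names used by the products.
WORK=$(mktemp -d)

make_lab_pki() {
    # Throwaway self-signed CA standing in for the CA server
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Lab CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.cer" 2>/dev/null || return 1
    # Step 1: the ACS server creates a signing request and the CA signs it
    openssl req -newkey rsa:2048 -nodes -subj "/CN=acs.example.test" \
        -keyout "$WORK/acs.key" -out "$WORK/acs.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$WORK/acs.csr" -days 1 \
        -CA "$WORK/ca.cer" -CAkey "$WORK/ca.key" -CAcreateserial \
        -out "$WORK/acs.cer" 2>/dev/null || return 1
    # Step 2: CA certificate exported and installed on the ACS server
    cp "$WORK/ca.cer" "$WORK/acs_ca.cer" || return 1
    # Step 3: a copy of the same CA certificate saved on the OfficeScan server
    cp "$WORK/ca.cer" "$WORK/osce_ca.cer" || return 1
}

fingerprint() {
    # SHA-256 fingerprint of the certificate in file $1
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

check_deployment() {
    # $1 = ACS certificate
    # $2 = CA certificate installed on the ACS server
    # $3 = CA certificate the OfficeScan server will deploy to clients (step 4)
    if [ "$(fingerprint "$2")" != "$(fingerprint "$3")" ]; then
        echo "CA certificate copies differ"
        return 1
    fi
    if ! openssl verify -CAfile "$3" "$1" >/dev/null 2>&1; then
        echo "ACS certificate was not issued by the deployed CA"
        return 2
    fi
    echo "ok"
}

# Rehearse the flow and run the check when executed directly
make_lab_pki && check_deployment "$WORK/acs.cer" "$WORK/acs_ca.cer" "$WORK/osce_ca.cer"
```

Against a real deployment, skip `make_lab_pki` and pass `check_deployment` the exported certificate files; a non-zero return before clients receive the CA certificate points to a mismatched or wrong CA copy.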