OfficeScan clients with
CTA installations authenticate with the ACS server before communicating
client security posture. Several methods are available for authentication
(see the Cisco Secure ACS documentation for details). For example,
you may already have enabled computer authentication for Cisco Secure
ACS using Windows Active Directory, which you can configure to automatically
produce an end user client certificate when adding a new computer
in Active Directory. For instructions, see Microsoft Knowledge Base
Article 313407, HOW TO: Create Automatic Certificate Requests with Group
Policy in Windows.
For users with their own Certificate Authority (CA) server, but
whose end user clients do not yet have certificates,
OfficeScan provides a mechanism
to distribute a root certificate to
OfficeScan clients.
Distribute the certificate during OfficeScan installation or from
the
OfficeScan web console.
OfficeScan distributes the certificate
when it deploys the Cisco Trust Agent to
OfficeScan clients (see
Cisco Trust Agent Deployment).
|
Note
If you already acquired a certificate from a Certificate
Authority or produced your own certificate and distributed it to
end user OfficeScan clients,
it is not necessary to do so again.
|
Before distributing the certificate to
OfficeScan clients,
enroll the ACS server with the CA server and then prepare the certificate
(see
Cisco Secure ACS Server Enrolment for
details).