Exporting and Installing the CA Certificate for Distribution Parent topic

Procedure

  1. Export the certificate from the Certification Authority (CA) server:
    1. On the CA server, click StartRun.
      The Run screen opens.
    2. Type mmc in the Open box.
      A new management console screen opens.
    3. Click FileAdd/Remove Snap-in.
      The Add/Remove Snap-in screen appears.
    4. Click Certificates and click Add.
      The Certificates snap-in screen opens.
    5. Click Computer Account and click Next.
      The Select Computer screen opens.
    6. Click Local Computer and click Finish.
    7. Click Close to close the Add Standalone Snap-in screen.
    8. Click OK to close the Add/remove Snap-in screen.
    9. In the tree view of the console, click CertificatesTrusted RootCertificates.
    10. Select the certificate to distribute to clients and the ACS server from the list.
    11. Click ActionAll TasksExport....
      The Certificate Export Wizard opens.
    12. Click Next.
    13. Click DER encoded binary x.509 and click Next.
    14. Enter a file name and browse to a directory to which to export the certificate.
    15. Click Next.
    16. Click Finish.
      A confirmation window displays.
    17. Click OK.
  2. Install the certificate on Cisco Secure ACS.
    1. Click System ConfigurationACS Certificate SetupACS Certification Authority Setup.
    2. Type the full path and file name of the certificate in the CA certificate file field.
    3. Click Submit. Cisco Secure ACS prompts you to restart the service.
    4. Click System ConfigurationService Control.
    5. Click Restart. Cisco Secure ACS restarts.
    6. Click System ConfigurationACS Certificate ManagementEdit Certificate Trust List. The Edit Certificate Trust List screen appears.
    7. Select the check box that corresponds to the certificate you imported in step b and click Submit. Cisco Secure ACS prompts you to restart the service.
    8. Click System ConfigurationService Control.
    9. Click Restart. Cisco Secure ACS restarts.
  3. Copy the certificate (.cer file) to the OfficeScan server computer to deploy it to the client with the CTA (see for more information).
    Note
    Note
    Store the certificate on a local drive and not on mapped drives.