Contents
Index
Search
Search Knowledge Base
Collapse All
Expand All
Previous
Next
Search
Toggle Highlight
Exporting and Installing the CA Certificate for Distribution
Procedure
Export the certificate from the Certification Authority (CA) server:
On the CA server, click
Start
→
Run
.
The Run screen opens.
Type
mmc
in the
Open
box.
A new management console screen opens.
Click
File
→
Add/Remove Snap-in
.
The
Add/Remove Snap-in
screen appears.
Click
Certificates
and click
Add
.
The
Certificates snap-in
screen opens.
Click
Computer Account
and click
Next
.
The
Select Computer
screen opens.
Click
Local Computer
and click
Finish
.
Click
Close
to close the
Add Standalone Snap-in
screen.
Click
OK
to close the
Add/remove Snap-in
screen.
In the tree view of the console, click
Certificates
→
Trusted Root
→
Certificates
.
Select the certificate to distribute to clients and the ACS server from the list.
Click
Action
→
All Tasks
→
Export...
.
The
Certificate Export Wizard
opens.
Click
Next
.
Click
DER encoded binary x.509
and click
Next
.
Enter a file name and browse to a directory to which to export the certificate.
Click
Next
.
Click
Finish
.
A confirmation window displays.
Click
OK
.
Install the certificate on Cisco Secure ACS.
Click
System Configuration
→
ACS Certificate Setup
→
ACS Certification Authority Setup
.
Type the full path and file name of the certificate in the
CA certificate file
field.
Click
Submit
. Cisco Secure ACS prompts you to restart the service.
Click
System Configuration
→
Service Control
.
Click
Restart
. Cisco Secure ACS restarts.
Click
System Configuration
→
ACS Certificate Management
→
Edit Certificate Trust List
. The
Edit Certificate Trust List
screen appears.
Select the check box that corresponds to the certificate you imported in step b and click
Submit
. Cisco Secure ACS prompts you to restart the service.
Click
System Configuration
→
Service Control
.
Click
Restart
. Cisco Secure ACS restarts.
Copy the certificate (.cer file) to the OfficeScan server computer to deploy it to the client with the CTA (see for more information).
Note
Store the certificate on a local drive and not on mapped drives.