Preparing the IIS Policy Server SSL Certificate Parent topic

Procedure

  1. Export the certificate from the Certification Store on mmc.
    1. On the Policy Server, click StartRun.
      The Run screen opens.
    2. Type mmc in the Open box.
      A new management console screen opens.
    3. Click ConsoleAdd/Remove Snap-in.
      The Add/Remove Snap-in screen appears.
    4. Click Add.
      The Add Standalone Snap-ins screen appears.
    5. Click Certificates and click Add.
      The Certificates snap-in screen opens.
    6. Click Computer Account and click Next.
      The Select Computer screen opens.
    7. Click Local Computer and click Finish.
    8. Click Close to close the Add Standalone Snap-in screen.
    9. Click OK to close the Add/remove Snap-in screen.
    10. In the tree view of the console, click Certificates (Local Computer)Trusted Root Certification AuthoritiesCertificates.
    11. Select the certificate from the list.
      Note
      Note
      Check the certificate thumbprint by double-clicking the certificate and selecting Properties. The thumbprint should be the same as the thumbprint for the certificate located in the IIS console.
      To verify this, open the IIS console and right click either virtual Web site or default Web site (depending on the website on which you installed Policy Server) and then select Properties. Click Directory Security and then click View Certificate to view the certificate details, including the thumbprint.
    12. Click ActionAll TasksExport.... The Certificate Export Wizard opens.
    13. Click Next.
    14. Click DER encoded binary x.509 or Base 64 encoded X.509 and click Next.
    15. Enter a file name and browse to a directory to which to export the certificate.
    16. Click Next.
    17. Click Finish. A confirmation window displays.
    18. Click OK.
  2. Install the certificate on Cisco Secure ACS.
    1. On the ACS web console, click System ConfigurationACS Certificate SetupACS Certification Authority Setup.
    2. Type the full path and file name of the certificate in the CA certificate file field.
    3. Click Submit. Cisco Secure ACS prompts you to restart the service.
    4. Click System ConfigurationService Control.
    5. Click Restart. Cisco Secure ACS restarts.