Adding a certificate authority certificate – Cisco 3.3 User Manual


10-37

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Chapter 10 System Configuration: Authentication and Certificates

Cisco Secure ACS Certificate Setup

Step 7

Click Submit.

To show that the certificate setup is complete, Cisco Secure ACS displays the
Installed Certificate Information table, which contains the following certificate
information:

Issued to: certificate subject

Issued by: CA common name

Valid from:

Valid to:

Validity

Adding a Certificate Authority Certificate

Use this procedure to add new certification authority (CA) certificates to
Cisco Secure ACS local certificate storage.

Note

If the clients and Cisco Secure ACS are getting their certificates from the same
CA, you do not need to perform this procedure because Cisco Secure ACS
automatically trusts the CA that issued its certificate.

When a user certificate is from an unknown CA (that is, one that is different from
the CA that certifies the Cisco Secure ACS), you must specifically configure
Cisco Secure ACS to trust that CA or authentication fails. Until you perform this
procedure to explicitly extend trust by adding another CA, Cisco Secure ACS only
recognizes certificates from the CA that issued its own certificate.

Configuring Cisco Secure ACS to trust a specific CA is a two-step process that
comprises both this procedure of adding a CA’s certificate and the procedure in
Editing the Certificate Trust List, page 10-38, where you signify that the
particular CA is to be trusted. (Cisco Secure ACS comes configured with a list of
popular CAs, none of which are enabled until you explicitly signify
trustworthiness.)
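The following added example is not part of the Cisco guide or of Cisco Secure ACS. It is a pre-check that tells you whether a client certificate chains to the CA that issued the ACS certificate, or whether the two-step procedure above is needed. It assumes OpenSSL 1.1.0 or later and PEM files; the lab PKI, file names and function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: all CNs, file names and function names are constructed lab values.

# issue DIR CA NAME: sign a leaf certificate NAME with the lab CA named CA.
issue() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2-ca.pem" -CAkey "$1/$2-ca.key" \
    -CAcreateserial -days 1 -out "$1/$3.pem" 2>/dev/null
}

# make_lab_pki DIR: two unrelated root CAs. "corp" stands in for the CA that
# issued the ACS server certificate, "partner" for an unknown CA.
make_lab_pki() {
  for ca in corp partner; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Lab $ca CA" \
      -keyout "$1/$ca-ca.key" -out "$1/$ca-ca.pem" 2>/dev/null
  done
  issue "$1" corp alice      # client from the same CA as ACS
  issue "$1" partner bob     # client from a different CA
}

# check_client_issuer ACS_CA_PEM CLIENT_PEM
#   same-ca : client chains to the CA that issued the ACS certificate,
#             so no CA needs to be added.
#   add-ca  : client comes from another CA; that CA's certificate must be
#             added and then enabled in the Certificate Trust List.
# -no-CApath keeps the system trust directory out of the decision.
check_client_issuer() {
  if openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1; then
    echo "same-ca"
  else
    echo "add-ca: $(openssl x509 -noout -issuer -in "$2")"
  fi
}

# Demo on the constructed lab PKI.
lab=$(mktemp -d)
make_lab_pki "$lab"
for user in alice bob; do
  printf '%s: %s\n' "$user" "$(check_client_issuer "$lab/corp-ca.pem" "$lab/$user.pem")"
done
```

For a certificate reported as `add-ca`, the printed issuer names the CA whose certificate has to be added and then enabled.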
