Cisco Secure Access Control Server Solution Engine

ACS Solution Engine (Appliance) for HTTPS Management Configuration Example

Document ID: 49941

Updated: Jun 14, 2006

Introduction

This document describes how to set up the Cisco Secure ACS Solution Engine (SE) for HTTPS management.

Prerequisites

Requirements

Ensure that you meet this requirement before you attempt this configuration:

  • Web administration access to both the Cisco Secure ACS SE and the Microsoft CA server

Components Used

The information in this document is based on these software and hardware versions:

  • Cisco Secure ACS SE 3.2.2. build 5

  • Microsoft 2000 Stand Alone CA server

  • Microsoft 2000 Enterprise CA Server

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to the Cisco Technical Tips Conventions for more information on document conventions.

Configure

This document uses these configuration steps:

  1. Login and click System Configuration.

  2. Click ACS Certificate Setup.

  3. Click Generate Certificate Signing Request.

  4. Fill out the form as shown, click Submit, and confirm that the Certificate Signing Request now appears on the right-hand side of the window.

  5. Copy the Certificate Signing Request to a Notepad file for use during a later step.

  6. Browse to your Microsoft CA Server web page.

  7. Select Retrieve the CA certificate or certificate revocation list to download the CA Server Certificate.

  8. Click Next.

  9. Select Base 64 Encoded.

  10. Click Download CA certificate.

  11. Click Save and rename the CA Server Certificate from certnew.cer to a name that is easy to remember. This example uses ca-cert.cer. After the file is renamed, save this ca-cert.cer to the FTP server's root directory.

  12. Browse back to the CA Server's web page.

  13. Click Next and select Advanced Request.

  14. Click Next and select Submit a certificate request using a base64 encoded PKCS #10 file or a renewal request using a base64 encoded PKCS #7 file.

  15. Click Next and paste in the Certificate Service Request that you copied to a Notepad file from step 6.

  16. Click Submit.

  17. Select Base 64 encoded and click Download CA certificate.

  18. Click Save and rename this certificate from certnew.cer to a name that you can remember. This example uses acs-cert.cer. Save this file to your FTP server's root directory.

  19. In your ACS Server browse to System Configuration > ACS Certificate Setup > ACS Certification Authority Setup, click Download CA certificate file, and fill out the Download File section completely.

  20. Click Submit.

  21. Click Submit again.

  22. Select System Configuration > ACS Certificate Setup > Install ACS Certificate and click Download certificate file.

  23. Fill out the Download File section completely.

  24. Click Submit.

  25. Click Submit.

  26. Select System Configuration > ACS Certificate Setup > Edit Certificate Trust List and verify your CA server is listed. Once it is found, check the box next to the name.

  27. Click Submit.

  28. Select System Configuration > Service Control and click Restart.

  29. Select Administration Control > Access Policy. In the HTTP Configuration section, under Secure Socket Layer Setup, check Use HTTPS Transport for Administration Access, and then click Submit. The ACS SE can now be managed over an SSL browser session.
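
Steps 11 and 18 both start from a file named certnew.cer, and steps 9 and 17 depend on choosing Base 64 encoding. The Python check below is an added example, not part of the original Cisco document: it inspects ca-cert.cer and acs-cert.cer before they are placed on the FTP server. The function names and sample bytes are constructed for illustration, and the check covers only encoding and PEM label, not signatures.

```python
import base64
import binascii
import hashlib
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
CSR_LABELS = {"CERTIFICATE REQUEST", "NEW CERTIFICATE REQUEST"}  # PKCS #10 labels

def inspect_file(data: bytes) -> dict:
    """Classify one saved file: encoding, PEM label, SHA-256 of the decoded bytes."""
    if data[:1] == b"\x30":  # raw ASN.1 SEQUENCE tag: saved as DER, not Base 64
        return {"encoding": "DER", "label": None, "sha256": hashlib.sha256(data).hexdigest()}
    m = PEM_RE.search(data.decode("ascii", errors="replace"))
    if not m:
        return {"encoding": "unknown", "label": None, "sha256": None}
    try:
        der = base64.b64decode("".join(m.group(2).split()), validate=True)
    except binascii.Error:
        return {"encoding": "corrupt Base64", "label": m.group(1), "sha256": None}
    return {"encoding": "Base64", "label": m.group(1), "sha256": hashlib.sha256(der).hexdigest()}

def preflight(ca_file: bytes, acs_file: bytes) -> list:
    """Return problems found in ca-cert.cer and acs-cert.cer (empty list = OK)."""
    info = {"ca-cert.cer": inspect_file(ca_file), "acs-cert.cer": inspect_file(acs_file)}
    problems = []
    for name, i in info.items():
        if i["encoding"] != "Base64":
            problems.append(f"{name}: encoding is {i['encoding']}, expected Base64")
        elif i["label"] in CSR_LABELS:
            problems.append(f"{name}: this is the signing request, not a certificate")
        elif i["label"] != "CERTIFICATE":
            problems.append(f"{name}: unexpected PEM block {i['label']!r}")
    ca_hash, acs_hash = info["ca-cert.cer"]["sha256"], info["acs-cert.cer"]["sha256"]
    if ca_hash and ca_hash == acs_hash:
        problems.append("both files hold the same certificate (steps 10 and 17 mixed up?)")
    return problems

def _pem(label: str, der: bytes) -> bytes:
    """Wrap bytes in a PEM envelope; used only to build the constructed samples."""
    b64 = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{b64}-----END {label}-----\n".encode()

# Constructed placeholder bytes, NOT real certificates: only the envelope is checked.
CA_DER = b"\x30\x82\x01\x0a" + b"constructed-ca-body" * 4
ACS_DER = b"\x30\x82\x01\x0b" + b"constructed-acs-body" * 4

if __name__ == "__main__":
    print(preflight(_pem("CERTIFICATE", CA_DER), _pem("CERTIFICATE", ACS_DER)))
    print(preflight(_pem("CERTIFICATE", CA_DER), ACS_DER))
```

To use it on real files, read each one with `open(path, "rb").read()` and pass the bytes to `preflight`.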

Verify

There is currently no verification procedure available for this configuration.

Troubleshoot

There is currently no specific troubleshooting information available for this configuration.

Known Issue

If you see the "Can't initialize HTTPS transport: server or certification authority certificate is not installed" error, your ID certificate is not installed.
