Cisco Secure Access Control Server Solution Engine

ACS Solution Engine (Appliance) for HTTPS Management Configuration Example

Document ID: 49941

Updated: Jun 14, 2006



This document describes how to set up the Cisco Secure ACS Solution Engine (SE) for HTTPS management.



Ensure that you meet this requirement before you attempt this configuration:

  • Web administration access to both the Cisco Secure ACS SE and the Microsoft CA server

Components Used

The information in this document is based on these software and hardware versions:

  • Cisco Secure ACS SE 3.2.2. build 5

  • Microsoft 2000 Stand Alone CA server

  • Microsoft 2000 Enterprise CA Server

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.


Refer to the Cisco Technical Tips Conventions for more information on document conventions.


This document uses these configurations steps:

  1. Login and click System Configuration.



  2. Click ACS Certificate Setup.


  3. Click Generate Certificate Signing Request.


  4. Fill out the form as you see here, click Submit, and note that your Certificate Signing Request is now ready by viewing it on the right-hand side of the window.


  5. Copy the Certificate Signing Request to a Notepad file for use during a later step.


  6. Browse to your Microsoft CA Server web page.

  7. Select Retrieve the CA certificate or certificate revocation list to download the CA Server Certificate.


  8. Click Next.

  9. Select Base 64 Encoded.


  10. Click Download CA certificate.


  11. Click Save and rename the CA Server Certificate from certnew.cer to a name that is easy to remember. This example uses ca-cert.cer. After the file is renamed, save this ca-cert.cer to the FTP server's root directory.

  12. Browse back to the CA Server's web page.


  13. Click Next and select Advanced Request.


  14. Click Next and select Submit a certificate request using a base64 encoded PKCS #10 file or a renewal request using a base64 encoded PKCS #7 file.


  15. Click Next and paste in the Certificate Service Request that you copied to a Notepad file from step 6.


  16. Click Submit.

  17. Select Base 64 encoded and click Download CA certificate.


  18. Click Save and rename this certificate from certnew.cer to a name that you can remember. This example uses acs-cert.cer. Save this file to your FTP server's root directory.

  19. In your ACS Server browse to System Configuration > ACS Certificate Setup > ACS Certification Authority Setup, click Download CA certificate file, and fill out the Download File section completely.


  20. Click Submit.


  21. Click Submit again.


  22. Select System Configuration > ACS Certificate Setup > Install ACS Certificate and click Download certificate file.

  23. Fill out the Download File section completely.


  24. Click Submit.


  25. Click Submit.


  26. Select System Configuration > ACS Certificate Setup > Edit Certificate Trust List and verify your CA server is listed. Once it is found, check the box next to the name.


  27. Click Submit.


  28. Select System Configuration > Service Control and click Restart.

  29. Select Administration Control > Access Policy and under the HTTP Configuration section under Secure Socket Layer Setup, check Use HTTPS Transport for Administration Access. Once this is complete click Submit. Your ACS SE is now able to be used via an SSL browser session.



There is currently no verification procedure available for this configuration.


There is currently no specific troubleshooting information available for this configuration.

Known Issue

If you see the Can't initialize HTTPS transport: server or certification authority certificate is not installed error, your ID certificate is not installed.

Related Information

Updated: Jun 14, 2006
Document ID: 49941