In this blog post, I will cover the steps you need to set up an Enterprise Certificate Authority (CA). In subsequent posts, I will demonstrate how to install an Enterprise CA-issued identity certificate on a Cisco Secure ACS 5.x server. I will also walk through a scenario with Extensible Authentication Protocol – Transport Layer Security (EAP-TLS) authentication setup for a client.

As you might already know, Cisco Secure ACS 5.x already has a self-signed certificate (created during installation). However, it can only be used for managing ACS via an administrative session (using HTTPS). This self-signed certificate cannot be used for any other purpose, e.g. EAP-TLS authentication. For that, you need an external Certificate Authority to issue a certificate to the ACS 5.x server. This post shows how to set up a Certificate Authority (CA) on a Windows 2008 R2 server. In the next post, I will show how to generate a Certificate Signing Request (CSR) from the ACS 5.x server, use the CA to issue a certificate, import that certificate into Cisco Secure ACS 5.x, and use it in an EAP-TLS authentication scenario. More scenarios are covered in the Cisco Secure ACS 5.X Scenario-based Deployment Guide.


Let’s first set up a Certificate Authority on a Windows 2008 R2 server. Follow these steps:

  • First, start Server Manager and click Add Roles under Roles Summary.

















  • Under Role services, check Certification Authority and Certification Authority Web Enrollment. Click Next.










  • Proceed with the Enterprise CA selection (default) and click Next.










  • Since this is our first CA, choose Root CA and click Next.










  • Since this is a new Certificate Authority (CA) without existing keys, select Create a new private key and click Next.










  • Select the CSP, hashing method, and key length, and click Next.










  • Keep the defaults and click Next.










  • Choose the Validity Period you want (the default in this case) and click Next.











  • Accept the default database locations and click Next.










  • Next, complete the Web Server (IIS) installation wizard in a similar way.



















  • Next, click Install to complete installation of the selected components (CA, Web Server).



























  • And you are done!
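
A post-install check you can run once the wizard finishes, as an added example that is not part of the original post: it uses certutil and the CertSvc registry configuration to confirm the choices made in the Root CA, CSP/hash/key length and Validity Period steps. The 2048-bit minimum, the list of hashes to flag and the temporary file name are assumptions.

```powershell
# Added example: post-install sanity checks for the new Enterprise Root CA.
# Run from an elevated PowerShell prompt on the CA server.
$MinKeyBits = 2048                # assumed threshold, not from the post
$WeakHashes = 'MD2|MD4|MD5|SHA1'  # assumed list of hash names to flag
$findings   = @()

# 1. Certificate Services must be running and answering requests.
if ((Get-Service -Name CertSvc).Status -ne 'Running') { throw 'CertSvc is not running' }
certutil -ping | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'CA did not answer certutil -ping' }

# 2. Export the CA certificate and load it for inspection.
$caFile = Join-Path $env:TEMP 'ca-check.cer'   # assumed scratch file name
certutil -f -ca.cert $caFile | Out-Null
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $caFile

# "Root CA" step: a root certificate is self-signed (subject equals issuer).
if ($cert.Subject -ne $cert.Issuer) { $findings += 'CA certificate is not self-signed' }

# "CSP, hashing method, and key length" step (assumes an RSA key).
$keyBits = $cert.PublicKey.Key.KeySize
if ($keyBits -lt $MinKeyBits) { $findings += "CA key is only $keyBits bits" }
$sigAlg = $cert.SignatureAlgorithm.FriendlyName
if ($sigAlg -match $WeakHashes) { $findings += "CA certificate is signed with $sigAlg" }

# Hash the CA uses when signing issued certificates.
# CNGHashAlgorithm is present when a CNG key storage provider was selected.
$cfg    = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
$caName = (Get-ItemProperty -LiteralPath $cfg).Active
$csp    = Get-ItemProperty -LiteralPath "$cfg\$caName\CSP"
if ($csp.CNGHashAlgorithm -match $WeakHashes) {
    $findings += "Issued certificates are signed with $($csp.CNGHashAlgorithm)"
}

# "Validity Period" step: report what was actually set, then the findings.
"CA name       : $caName"
"Provider      : $($csp.Provider)"
"Key / sig alg : $keyBits bits, $sigAlg"
"Valid until   : $($cert.NotAfter)"
if ($findings) { $findings | ForEach-Object { Write-Warning $_ } } else { 'No findings.' }

Remove-Item -LiteralPath $caFile
```

Any warning points back to a wizard page where a different value should have been chosen; a root CA's key and signature algorithm cannot be changed without renewing or reinstalling the CA.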

In subsequent posts, I will cover how to generate a Certificate Signing Request (CSR) on ACS, enroll/install the certificate on ACS, and set up an EAP-TLS authentication scenario for a client supplicant.

Reference: Cisco Secure ACS Server Scenario-based Deployment Guide CS-ACS 5.2
