INSTALLATION INSTRUCTIONS FOR CISCO SECURE ACS 4.

FIRST, YOU MUST OBTAIN THE SSL CERTIFICATES

1. Your Symantec certificate will be sent as an attachment (Cert.cer) to your e-mail.

2. Then, the certificate needs to be copied and pasted into a text file like Vi or Notepad. The text file will look like: ——-BEGIN CERTIFICATE——-, Then ——-END CERTIFICATE———.

3. There must be 5 dashes on each side of BEGIN CERTIFICATE and END CERTIFICATE without any spaces, and no extra line breaks or characters added.

TIP: There is also a way to download the certificate from your Symantec Trust Center account if necessary at this link: https://knowledge.symantec.com/support/ssl-certificates-support/index?page=content&actp=CROSSLINK&id=SO8061

After downloading the certificate, select X.509 for the format and copy the End Entity Certificate.

4. Then, Save the file with “.cer” listed.

SECOND, DOWNLOAD THE SYMANTEC INTERMEDIATE CA CERTIFICATE

1. Go to this link to download the Intermediate CA Certificate: https://knowledge.symantec.com/support/ssl-certificates-support/index?page=content&actp=CROSSLINK&id=INFO657

2. To find out which certificate you purchased follow the directions on this link: https://knowledge.symantec.com/support/ssl-certificates-support/index?page=content&actp=CROSSLINK&id=SO13499

3. Then, open Notepad and paste the Intermediate CA certificate there.

4. Be sure to note that there must be 5 dashes on both sides of BEGIN CERTIFICATE and END CERTIFICATE.

5. Lastly, save the file under the name intermediate.cer

THIRD, COPY THE CERTIFICATE AND THE CA CERTIFICATE TO THE ACS HOST:

1. Select a \certs directory within the ACS server.

2. Then, select the DOS command window.

3. Next, you must make a certificates directory as: mkdir < selected_drive>:\certs. Be sure to note that selected_drive is the currently selected drive.

4. Then, copy the files listed below to the \certs directory:

ACS-1.nac.cisco.com.cer (SSL)

ACS-1.privatekey.txt (Private Key)

ca.nac.cisco.com.cer (CA)

FOURTH, CREATE THE ACS CERTIFICATION AUTHORITY

1. First, you must download and install the Symantec Root CA shown on this link: https://knowledge.symantec.com/support/ssl-certificates-support/index?page=content&actp=CROSSLINK&id=SO4785

2. Then, select System Configuration.

3. Proceed to ACS Certificate Setup by selecting it.

4. On the ACS Certificate Setup window, select ACS Certification Authority Setup.

5. Type in the file of the certificate authority and select Submit.

6. Lastly, restart ACS. You do this by choosing System Configuration, selecting Service Control, and pressing Restart.

FIFTH, EDIT THE CERTIFICATE TRUST LIST

Be sure to remember that when you are done setting up the ACS certificate, you need to add the CA certificate to the ACS Certificate Trust List.

1. First, select System Configuration.

2. Next, click the ACS Certificate Setup. When this page opens, select Edit Certificate Trust List.

3. Look for the CA Certificate you installed earlier and be sure to check the box by it.

4. Press Submit.

5. Lastly, restart ACS. You can do this by selecting System Configuration, then proceeding to Service Control, then selecting Restart.

SIXTH, YOU MUST INSTALL THE SYSTEMATIC INTERMEDIATE CA CERTIFICATE

1. First, click System Configuration. Then, proceed to ACS Certificate Setup. Next, choose ACS Certification Authority Setup.

2. Type in your CA certificate location in the text box labeled CA certificate file.

3. Lastly, select Submit.

SEVENTH, YOU MUST INSTALL THE SSL CERTIFICATE

1. First, Select System Configuration.

2. Once the System Configuration window opens, select ACS Certificate Setup.

3. Next, choose Install ACS Certificate.

4. Select the Read certificate from file option.

5. Then, within the Certificate file enter in the location of your server certificate. For example: c:\Certs\server.cer.

6. Under the Private Key file, enter in the server certificate private key location. For example: c:\Certs\server.pvk

7. Within the Private Key password field, type in your password.

8. Select Submit.

9. Next, you will be prompted to restart the ACS. To do this you will select System Configuration, then click Service Control, and press Restart.