beautypg.com

Using self-signed certificates, About self-signed certificates, Using self-signed – Cisco 3.3 User Manual

Page 427

background image

10-47

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Chapter 10 System Configuration: Authentication and Certificates

Cisco Secure ACS Certificate Setup

Using Self-Signed Certificates

You can use Cisco Secure ACS to generate a self-signed digital certificate to be
used for PEAP authentication protocol or for HTTPS support of Cisco Secure
ACS administration. This capability supports TLS/SSL protocols and
technologies without the requirement of interacting with a CA.

This section contains the following topics:

About Self-Signed Certificates, page 10-47

Self-Signed Certificate Configuration Options, page 10-48

Generating a Self-Signed Certificate, page 10-49

About Self-Signed Certificates

Cisco Secure ACS supports TLS/SSL-related protocols, including PEAP and
HTTPS, that require the use of digital certificates. Employing self-signed
certificates is a way for administrators to meet this requirement without having to
interact with a certification authority (CA) to obtain and install the certificate for
the Cisco Secure ACS. The self-signed certificate feature in Cisco Secure ACS
allows the administrator to generate the self-signed digital certificate and use it
for PEAP authentication protocol or for HTTPS support in web administration
service.

Other than the lack of interaction with a CA to obtain the certificate, installing a
self-signed certificate requires exactly the same actions as any other digital
certificate. Although Cisco Secure ACS does not support the replication of
self-signed certificates, you can export a certificate for use on more than one
Cisco Secure ACS. To do this, you copy the certificate file (.cer format) and the
corresponding private key file (.pvk format) to another Cisco Secure ACS where
you then install the certificate in the standard manner. For information on
installing certificates, see

Installing a Cisco Secure ACS Server Certificate,

page 10-35

.

To ensure that a self-signed certificate interoperates with the client, refer to your
client documentation. You may find that you must import the self-signed server
certificate as a CA certificate on your particular client.