Specifications

Policy Server for Cisco NAC

10-33

Policy Server SSL Certificate Preparation

To establish a secure SSL connection between the ACS server and the Policy Server,

prepare a certificate especially for use with SSL. Setup automatically generates the SSL

certificate.

To prepare the Policy Server SSL certificate for distribution:

1. Export the certificate from the Certification Store on mmc.

If the Policy server runs IIS:

a. On the Policy Server, click Start > Run. The Run screen opens.

b. Type mmc in the Open box. A new management console screen opens.

c. Click Console > Add/Remove Snap-in. the Add/Remove Snap-in screen

appears.

d. Click Add. The Add Standalone Snap-ins screen appears.

e. Click Certificates and click Add. The Certificates snap-in screen opens.

f. Click Computer Account and click Next. The Select Computer screen opens.

g. Click Local Computer and click Finish.

h. Click Close to close the Add Standalone Snap-in screen.

i. Click OK to close the Add/remove Snap-in screen.

j. In the tree view of the console, click Certificates (Local Computer) >

Trusted Root Certification Authorities > Certificates.

k. Select the certificate from the list.

Note: Check the certificate thumbprint by double-clicking the certificate and selecting

Properties. The thumbprint should be the same as the thumbprint for the

certificate located in the IIS console.

To verify this, open the IIS console and right click either virtual Web site or

default Web site (depending on the Web site on which you installed Policy

Server) and then select Properties. Click Directory Security and then click

View Certificate to view the certificate details, including the thumbprint.

l. Click Action > All Tasks > Export... The Certificate Export Wizard opens.