Cisco Support Community

New Member

ACS 4.2 enable https

I have 2 Cisco ACS appliances running ACS v4.2.0.124. They are configured for database sync. I would like to enable HTTPS for administrator sessions. I want to use a self-signed certificate. I've downloaded an eval v4.2 Windows version and tested the procedure successfully.

My question is: how is the appliance different than my test server? I am confused about the path where to save "Certificate file" and "Private key file". On my Windows server I specified c:\cacs42\acs42.cer and c:\cacs42\acs42.pvk. Will this example work for my appliances?

1 ACCEPTED SOLUTION

Cisco Employee

Re: ACS 4.2 enable https

The certificate and private key files on a Cisco ACS appliance are generated and saved on the local HDD.

Certificate file—The certificate file that you want to generate. When you submit this page, ACS creates the certificate file by using the location and filename that you specify.

ACS for Windows—Type the full directory path and name of the file; for example, c:\acs_server_cert\acs_server_cert.cer.

ACS Solution engine—Type only the name of the file; for example, acs_server_cert.cer. You don't need to specify the location.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4-2-1/User_Guide/acs421ug/SCAuth.html#wp327500

Are you trying to back up this private file, or trying to pull this file out of the appliance? If yes, then the Generate Self-Signed Certificate edit page also contains mandatory configuration fields that you use to specify the FTP server to which the certificate file and the corresponding private key file are transferred:

FTP Server—The IP address or hostname of the FTP server where the certificate file and the corresponding private key file are to be transferred. If you specify a hostname, DNS must be enabled on your network and must be correctly configured on the serial console.

Login—A valid username that enables ACS to access the FTP server.

Tip: The Login box accepts domain-qualified usernames in the format DOMAIN\username, which may be required if you are using a Microsoft FTP server.

Password—The password for the username provided in the Login box.

Remote Directory—The directory to which you want to transfer the files. The directory must be specified relative to the FTP root directory.

Let me know if you've any further questions.

~BR
Jatin Katyal

**Do rate helpful posts**

2 REPLIES
New Member

ACS 4.2 enable https

Thank you Jatin.
