First we will start with Root CA Certificate installation:
Login to Certificate server http://<ip or xyz>/certsrv
Click on “Download a CA Certificate, certificate chain or CRL”
Select the Encoding Method „Base 64“and click on Download CA certificate.
Save it to a location on our file system.
Now we have Root CA, it’s time to install Root CA on ACS.
Login to ACS, go to Users and Identity Stores > External Identity Stores > Certificate Authorities
Click on Add.
Now Browse the Root CA, tick the check box “Trust for client with EAP-TLS” (Specially for EAP-TLS authentication) otherwise we will get error…example: 12514 (Failed SSL/TLS handshake)
Then click on Submit.
Now we will Download /Install the ACS local server Certificate:
We must use these steps:
- Go to System Administration > Local Certificates, then click on Add
- Select Generate Certificate Signing Request:
- Fill the Certificate Subject name, Key length. Click Submit.
Select third option “Generate Certificate Signing Request”
Enter the Certificate subject name.
Choose key length to 1024 or 4096 (Max value).
Click Finish, this prompt will popup.
Click OK. Now we can this signing request under Outstanding signing Request.
Now Tick the request and click Export.
Save it and open in notepad.
Login backup to certificate server and this time click on Request a Certificate.
Paste the certificate signing request here (Which we opened in notepad)
**Select Web Server
Download the Base 64 coded certificate. Click “Download certificate”
Now login again to ACS, select Bind CA signed Certificate
Click Next, browse the Certificate here.
Also tick EAP and Management interface and click Submit.
Select OK and Click Finish.
Sometime we need to reboot ACS to complete the certificate installation.
That’s all About ACS certificate installation 🙂