4-10
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 4 Common Scenarios Using ACS
Certificate-Based Network Access
You can configure two types of certificates in ACS:
Trust certificate—Also known as a CA certificate. Used to form the certificate trust list (CTL) hierarchy against which remote certificates are verified.
Local certificate—Also known as the local server certificate. The client uses the local certificate with various protocols to authenticate the ACS server. This certificate is maintained together with its private key, which is used to prove possession of the certificate.
Note During certificate-based access (as during password-based access), the user is not only authenticated but also authorized according to the ACS configuration. If the NAS sends accounting requests, the user is also accounted.
Related Topics
Configuring CA Certificates, page 8-68
Configuring Local Server Certificates, page 18-14
Using Certificates in ACS, page 4-10
Using Certificates in ACS
The three use cases for certificates in ACS 5.3 are:
Certificate-Based Network Access for EAP-TLS, page 4-10
Authorizing the ACS Web Interface from Your Browser Using a Certificate, page 4-11
Validating an LDAP Secure Authentication Connection, page 4-12
Certificate-Based Network Access for EAP-TLS
For TLS-related EAP protocols, you must set up a server certificate from the local certificate store and a trust list certificate to authenticate the client. You can choose the trust certificate from any of the certificates in the local certificate store.
To use EAP-TLS, you must obtain and install trust certificates. Instructions for these tasks are in the relevant task chapters.
Before you Begin:
Set up the server by configuring:
EAP-TLS.
The local certificate. See Configuring Local Server Certificates, page 18-14.
To configure certificate-based network access for EAP-TLS:
Step 1 Configure the trust certificate list. See Configuring CA Certificates, page 8-68, for more information.
Step 2 Configure the LDAP external identity store. You might want to do this to verify the certificate against a certificate stored in LDAP. See Creating External LDAP Identity Stores, page 8-26, for details.
Step 3 Set up the Certificate Authentication Profile. See Configuring Certificate Authentication Profiles, page 8-72, for details.