Specifications
Policy Server for Cisco NAC
10-19
The CA Certificate

OfficeScan clients with CTA installations authenticate with the ACS server before
communicating client security posture. Several methods are available for authentication
(see the Cisco Secure ACS documentation for details). For example, you may already
have enabled computer authentication for Cisco Secure ACS using Windows Active
Directory, which you can configure to automatically produce an end user client
certificate when adding a new computer in Active Directory. For instructions, see
Microsoft Knowledge Base Article 313407, HOW TO: Create Automatic Certificate
Requests with Group Policy in Windows.

For users with their own Certificate Authority (CA) server, but whose end user clients
do not yet have certificates, OfficeScan provides a mechanism to distribute a root
certificate to OfficeScan clients. Distribute the certificate during OfficeScan installation
or from the OfficeScan Web Console. OfficeScan distributes the certificate when it
deploys the Cisco Trust Agent to clients (see Cisco Trust Agent Deployment on page 10-26).

Note: If you already acquired a certificate from a Certificate Authority or produced your
own certificate and distributed it to end user clients, it is not necessary to do so again.

Before distributing the certificate to clients, enroll the ACS server with the CA server
and then prepare the certificate (see Cisco Secure ACS Server Enrolment on page 10-24 for
details).

Policy Server System Requirements

Before installing Policy Server, check if the computer meets the following requirements:

Operating System
• Windows 2000 Professional with Service Pack 4
• Windows 2000 Server with Service Pack 4
• Windows 2000 Advanced Server with Service Pack 4
• Windows XP Professional with Service Pack 2 or later, 32-bit and 64-bit
• Windows Server 2003 (Standard and Enterprise Editions) with Service Pack 2 or later, 32-bit and 64-bit
• Windows Cluster Server 2000










