Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
586
Views
0
Helpful
1
Replies

Authenticating CA on a Cisco Router 880

hgbragman
Level 1
Level 1

‎10-17-2008 04:38 AM - edited ‎02-21-2020 10:22 AM

Hi! I'm trying to auth my CA from my 880 cisco router, but get this message:

"% Do you accept this certificate? [yes/no]: yes

Trustpoint CA certificate accepted.

%PKI-3-UNUSABLE_KEY_USAGE: Key-usage type 'Certificate-Signing' for cert with serial number 65 is not usable."

I understand that the router maybe wants the KeyEncipherment, but how can this be? CertificateSigning is what a CA is for, isn't it?

Labels:
0 Helpful
1 Reply 1

Not applicable

‎10-23-2008 08:50 AM

The error message says that the given key-usage type is not usable by IOS. If seen during an import operation, this will likely cause the import to fail. Acceptable key-usage types should include Key-encipherment and/or digital-signature. Other key-usage types may be present, but will be ignored.

Recommended Action: Recreate the certificate with key-encipherment, digital-signature, or both.

The below URL helps you to configure certificates on IPsec devices:

http://www.cisco.com/en/US/docs/ios/11_3/feature/guide/interop.html#wp5370

To install and authenticate the CA certificates associated with a trustpoint, use the crypto ca authenticate command in global configuration mode.

Refer the below URL for more information:

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/c5_72.html#wp2062259

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents