RSA key auth error on ASA

Answered Question
Sep 2nd, 2009

Hello,

I am trying to authenticate a Cisco 851 on an ASA 5520 using digital certificates from an MS CA. Got this error:

CRYPTO_PKI(make trustedCerts list)

CRYPTO_PKI:check_key_usage: ExtendedKeyUsage OID = 1.3.6.1.5.5.8.2.2

CRYPTO_PKI:check_key_usage: ExtendedKeyUsage OID = 1.3.6.1.5.5.8.2.2, NOT acceptable

CRYPTO_PKI:check_key_usage: No acceptable ExtendedKeyUsage OIDs found

Correct Answer
Yudong Wu Wed, 09/02/2009 - 11:22

It looks like the EKU (ExtendedKeyUsage) does not match. You can try to disable the EKU check by adding the following command under the trustpoint config:

ignore-ipsec-keyusage
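
Before turning the EKU check off for a trustpoint, it helps to know exactly which EKU OIDs the peer certificate presented and which ones the ASA rejected. The script below is an added example, not part of the original thread or of any Cisco tooling; `summarize_eku_debug` and the OID name table are assumptions of this example, and the sample text is the debug output quoted in the question.

```python
import re

# Names for well-known ExtendedKeyUsage OIDs. Which of these a given ASA
# release accepts is not stated in the thread and is not assumed here.
EKU_NAMES = {
    "1.3.6.1.5.5.7.3.1": "serverAuth",
    "1.3.6.1.5.5.7.3.2": "clientAuth",
    "1.3.6.1.5.5.7.3.5": "ipsecEndSystem",
    "1.3.6.1.5.5.7.3.6": "ipsecTunnel",
    "1.3.6.1.5.5.7.3.7": "ipsecUser",
    "1.3.6.1.5.5.7.3.17": "ipsecIKE",
    "1.3.6.1.5.5.8.2.2": "iKEIntermediate",
    "2.5.29.37.0": "anyExtendedKeyUsage",
}

# One check_key_usage message: the OID, then an optional rejection suffix.
OID_RE = re.compile(
    r"check_key_usage: ExtendedKeyUsage OID = (\d+(?:\.\d+)+)(, NOT acceptable)?"
)
FAIL_MARK = "No acceptable ExtendedKeyUsage OIDs found"

def summarize_eku_debug(text):
    """Summarise the EKU check messages found in pasted debug output."""
    presented, rejected = [], []
    # Scan the whole text rather than line by line, so messages that were
    # run together on one line when pasted are still found.
    for match in OID_RE.finditer(text):
        oid = match.group(1)
        if oid not in presented:
            presented.append(oid)
        if match.group(2) and oid not in rejected:
            rejected.append(oid)
    return {
        "presented": [(oid, EKU_NAMES.get(oid, "unknown")) for oid in presented],
        "rejected": rejected,
        "eku_check_failed": FAIL_MARK in text,
    }

# Debug output as quoted in the question (first two messages run together).
SAMPLE = """\
CRYPTO_PKI(make trustedCerts list)CRYPTO_PKI:check_key_usage: ExtendedKeyUsage OID = 1.3.6.1.5.5.8.2.2
CRYPTO_PKI:check_key_usage: ExtendedKeyUsage OID = 1.3.6.1.5.5.8.2.2, NOT acceptable
CRYPTO_PKI:check_key_usage: No acceptable ExtendedKeyUsage OIDs found
"""

if __name__ == "__main__":
    for key, value in summarize_eku_debug(SAMPLE).items():
        print(f"{key}: {value}")
```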
