RSA key auth error on ASA

Answered Question
Sep 2nd, 2009

Hello,


I am trying to authenticate a Cisco 851 on an ASA 5520 using digital certificates from an MS CA. I got this error:

CRYPTO_PKI(make trustedCerts list)

CRYPTO_PKI:check_key_usage: ExtendedKeyUsage OID = 1.3.6.1.5.5.8.2.2

CRYPTO_PKI:check_key_usage: ExtendedKeyUsage OID = 1.3.6.1.5.5.8.2.2, NOT acceptable

CRYPTO_PKI:check_key_usage: No acceptable ExtendedKeyUsage OIDs found


Correct Answer
Yudong Wu Wed, 09/02/2009 - 11:22

It looks like the EKU (ExtendedKeyUsage) does not match. You can try to disable the EKU check by adding the following command under the trustpoint config:

ignore-ipsec-keyusage
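
To see which EKU the peer certificate actually presented before changing the trustpoint, the debug output can be triaged with a short script. This is an added example, not part of the original thread or any Cisco tool; the function name `triage_eku` is hypothetical and the OID names are the standard assignments, not values from the ASA.

```python
import re

# Standard EKU OID names (assumption: public OID assignments, not from the page).
EKU_NAMES = {
    "1.3.6.1.5.5.7.3.1": "serverAuth",
    "1.3.6.1.5.5.7.3.2": "clientAuth",
    "1.3.6.1.5.5.7.3.5": "ipsecEndSystem",
    "1.3.6.1.5.5.7.3.6": "ipsecTunnel",
    "1.3.6.1.5.5.7.3.7": "ipsecUser",
    "1.3.6.1.5.5.7.3.17": "ipsecIKE",
    "1.3.6.1.5.5.8.2.2": "iKEIntermediate",
    "2.5.29.37.0": "anyExtendedKeyUsage",
}
OID_MSG = re.compile(
    r"check_key_usage: ExtendedKeyUsage OID = (\d+(?:\.\d+)+)(, NOT acceptable)?"
)
NONE_OK = "check_key_usage: No acceptable ExtendedKeyUsage OIDs found"


def triage_eku(debug_text):
    """Summarise CRYPTO_PKI check_key_usage lines from pasted debug output."""
    presented, rejected, failed = [], [], False
    for line in debug_text.splitlines():
        # finditer: pasted output often fuses several messages on one line
        for m in OID_MSG.finditer(line):
            oid = m.group(1)
            if oid not in presented:
                presented.append(oid)
            if m.group(2) and oid not in rejected:
                rejected.append(oid)
        failed = failed or NONE_OK in line
    return {
        "presented": [(o, EKU_NAMES.get(o, "unknown")) for o in presented],
        "rejected": rejected,
        "eku_check_failed": failed,
    }


# The debug lines quoted in the question above, as pasted.
SAMPLE = """\
CRYPTO_PKI(make trustedCerts list)CRYPTO_PKI:check_key_usage: ExtendedKeyUsage OID = 1.3.6.1.5.5.8.2.2
CRYPTO_PKI:check_key_usage: ExtendedKeyUsage OID = 1.3.6.1.5.5.8.2.2, NOT acceptable
CRYPTO_PKI:check_key_usage: No acceptable ExtendedKeyUsage OIDs found
"""

if __name__ == "__main__":
    print(triage_eku(SAMPLE))
```

Knowing which EKU was rejected lets you choose between reissuing the certificate from a CA template with a different EKU and disabling the check as the answer suggests.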

