cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
686
Views
0
Helpful
2
Replies

RSA key auth error on ASA

masaltsev
Level 1
Level 1

Hello,

I am trying to authenticate cisco 851 on ASA 5520 using digital certificates from MS CA. Got this error:

CRYPTO_PKI(make trustedCerts list)CRYPTO_PKI:check_key_usage: ExtendedKeyUsage OID = 1.3.6.1.5.5.8.2.2

CRYPTO_PKI:check_key_usage: ExtendedKeyUsage OID = 1.3.6.1.5.5.8.2.2, NOT acceptable

CRYPTO_PKI:check_key_usage: No acceptable ExtendedKeyUsage OIDs found

1 Accepted Solution

Accepted Solutions

Yudong Wu
Level 7
Level 7

It looks like EKU(ExtendedKeyUsage) does not match. You can try to disable EKU check by adding the following command under trustpoint config:

ignore-ipsec-keyusage

View solution in original post

2 Replies 2

Yudong Wu
Level 7
Level 7

It looks like EKU(ExtendedKeyUsage) does not match. You can try to disable EKU check by adding the following command under trustpoint config:

ignore-ipsec-keyusage

Thanks!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: